
Windows Analysis Report
Andrej Simulator X.exe

Overview

General Information

Sample name: Andrej Simulator X.exe
Analysis ID: 1640015
MD5: 9cc5ea6b17297d7043204a0e0f89388f
SHA1: 4e2b63ab02bea68e09b2a30cfe748ac6bdc14579
SHA256: f1dc6095672e9b120665b1c64c752965267795d92888db4d53fbf5351320b0e3
Tags: exe, trojan, user-2huMarisa

Detection

Score: 57
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Joe Sandbox ML detected suspicious sample
Sample or dropped binary is a compiled AutoHotkey binary
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries keyboard layouts
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Classification

  • System is w10x64
  • Andrej Simulator X.exe (PID: 6444 cmdline: "C:\Users\user\Desktop\Andrej Simulator X.exe" MD5: 9CC5EA6B17297D7043204A0E0F89388F)
    • aaa.exe (PID: 6564 cmdline: C:\Users\user~1\AppData\Local\Temp\aaa.exe MD5: 5BDA7A403E7F8BE8C8576343E077499B)
      • kitty.exe (PID: 6440 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 5180 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 1716 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 5212 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 7420 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 7468 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 7696 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 7772 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 7952 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 8008 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 8084 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 8132 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 7276 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 7364 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 1508 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 1492 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 3020 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 7624 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 8280 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 8348 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 8468 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 8524 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 8656 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 8708 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 8792 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 8840 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • Conhost.exe (PID: 8680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 9004 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 9064 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 9072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • kitty.exe (PID: 9200 cmdline: C:\Users\user~1\AppData\Local\Temp/kitty.exe MD5: 96266EC448AE60CAB541383AC73768EF)
        • cmd.exe (PID: 484 cmdline: "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • bbb.exe (PID: 6520 cmdline: C:\Users\user~1\AppData\Local\Temp\bbb.exe MD5: 396CA541EE2C20071F77D26AE030C832)
  • firefox.exe (PID: 7788 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\user\Desktop\EEGWXUHVUG.xlsx MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7460 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\user\Desktop\EEGWXUHVUG.xlsx MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7836 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2160 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a88eb5-c4bc-4db2-bbf1-af3b480820a8} 7460 "\\.\pipe\gecko-crash-server-pipe.7460" 19e6966bd10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8272 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4168 -parentBuildID 20230927232528 -prefsHandle 4164 -prefMapHandle 4236 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cedb21be-d290-4d2b-8e14-0382280b0675} 7460 "\\.\pipe\gecko-crash-server-pipe.7460" 19e7b665b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started | Author: frack113, Nasreddine Bencherchali | Data: Command: C:\Users\user~1\AppData\Local\Temp\aaa.exe, CommandLine: C:\Users\user~1\AppData\Local\Temp\aaa.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\aaa.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\aaa.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\aaa.exe, ParentCommandLine: "C:\Users\user\Desktop\Andrej Simulator X.exe", ParentImage: C:\Users\user\Desktop\Andrej Simulator X.exe, ParentProcessId: 6444, ParentProcessName: Andrej Simulator X.exe, ProcessCommandLine: C:\Users\user~1\AppData\Local\Temp\aaa.exe, ProcessId: 6564, ProcessName: aaa.exe
No Suricata rule has matched

AV Detection

Source: Andrej Simulator X.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Avira: detection malicious, Label: HEUR/AGEN.1354393
Source: Andrej Simulator X.exe | Virustotal: Detection: 56%
Source: Andrej Simulator X.exe | ReversingLabs: Detection: 47%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.2% probability
Source: Andrej Simulator X.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49781 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49785 version: TLS 1.2
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004774C0 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose,0_2_004774C0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0042E210 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,0_2_0042E210
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004774C0 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose,1_2_004774C0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004440A0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,1_2_004440A0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00456180 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,1_2_00456180
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0042E210 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,1_2_0042E210
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00444380 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,1_2_00444380
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00477430 FindFirstFileW,FindClose,GetFileAttributesW,1_2_00477430
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004446C0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,1_2_004446C0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00455C10 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose,1_2_00455C10
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00472DE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle,1_2_00472DE0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00454FA0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize,CoCreateInstance,CoUninitialize,1_2_00454FA0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004774C0 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose,2_2_004774C0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004440A0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,2_2_004440A0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00456180 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,2_2_00456180
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0042E210 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,2_2_0042E210
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00444380 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,2_2_00444380
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00477430 FindFirstFileW,FindClose,GetFileAttributesW,2_2_00477430
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004446C0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,2_2_004446C0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00455C10 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose,2_2_00455C10
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00472DE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle,2_2_00472DE0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00454FA0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize,CoCreateInstance,CoUninitialize,2_2_00454FA0
Source: firefox.exe | Memory has grown: Private usage: 1MB, later: 225MB
Source: Joe Sandbox View | IP Address: 34.117.188.166
Source: Joe Sandbox View | IP Address: 34.160.144.191
Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00454910 __wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetReadFile,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,InternetReadFileExA,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,DeleteFileW,1_2_00454910
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache
Source: firefox.exe, 00000028.00000003.1519696587.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1761994731.0000019E7CE56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1720219419.0000019E7BAAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1719313350.0000019E7CE42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1705583716.0000019E86237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1705583716.0000019E86237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1519696587.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1761994731.0000019E7CE56000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1720219419.0000019E7BAAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1719313350.0000019E7CE42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1805284941.000001A63500A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1805284941.000001A63500A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1805284941.000001A63500A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: shavar.prod.mozaws.net
Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: firefox.exe, 00000028.00000003.1705583716.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000028.00000003.1720557858.0000019E7BA68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000028.00000003.1720881716.0000019E7B409000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000028.00000003.1762349365.0000019E7BC8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1519696587.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1742104010.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1761713104.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000028.00000003.1720692362.0000019E7B9F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000028.00000003.1757313602.0000019E874C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1782036687.0000019E874C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#
Source: firefox.exe, 00000028.00000003.1753108851.0000019E7BA55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1281436307.0000019E79EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B26B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1491104347.0000019E878DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1546410077.0000019E878ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1590293867.0000019E79577000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1715904596.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1473832410.0000019E7BC10000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1745041168.0000019E7BA40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1701315216.0000019E79ED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1501333646.0000019E7CA0E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1553674845.0000019E79597000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1507776093.0000019E77371000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1400312564.0000019E79597000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1574504611.0000019E79587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1557688185.0000019E78ACE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1739776213.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1772822444.0000019E7B6CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1495962661.0000019E77361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1563273168.0000019E78ACE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1545254729.0000019E87887000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000028.00000003.1477023193.0000019E7A0DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000028.00000003.1477023193.0000019E7A0DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 00000028.00000003.1706870077.0000019E83647000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000028.00000003.1742457548.0000019E7CE79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1745041168.0000019E7BA68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1742605420.0000019E7CAB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1720557858.0000019E7BA68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1727342187.0000019E7A8A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000028.00000003.1770570492.0000019E7B77A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulp
Source: mozilla-temp-41.40.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000028.00000003.1265131663.0000019E79176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1256870298.0000019E79147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1255755219.0000019E79130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1257962538.0000019E7915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254964492.0000019E79119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254135275.0000019E78F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000028.00000003.1730805417.0000019E87D4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1713429335.0000019E87D49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: bbb.exe, bbb.exe, 00000002.00000000.845507767.00000000004A1000.00000002.00000001.01000000.00000005.sdmp, bbb.exe, 00000002.00000002.2105905701.00000000004A1000.00000002.00000001.01000000.00000005.sdmp, Andrej Simulator X.exe, bbb.exe.0.dr, aaa.exe.0.drString found in binary or memory: https://autohotkey.com
Source: Andrej Simulator X.exe, bbb.exe.0.dr, aaa.exe.0.drString found in binary or memory: https://autohotkey.comCould
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000033.00000002.1805284941.000001A6350EB000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.40.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: firefox.exe, 00000033.00000002.1805284941.000001A6350EB000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.40.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466367818.0000019E86221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466367818.0000019E86221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466367818.0000019E86221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466367818.0000019E86221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000028.00000003.1265131663.0000019E79176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1256870298.0000019E79147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1255755219.0000019E79130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1257962538.0000019E7915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254964492.0000019E79119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254135275.0000019E78F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000028.00000003.1758083988.0000019E86245000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000028.00000003.1770570492.0000019E7B7A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000033.00000002.1805284941.000001A6350EB000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.40.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: firefox.exe, 00000033.00000002.1805284941.000001A6350EB000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.40.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000028.00000003.1761713104.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000028.00000003.1761713104.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000028.00000003.1722232198.0000019E7B288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000028.00000003.1265131663.0000019E79176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1256870298.0000019E79147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1255755219.0000019E79130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1257962538.0000019E7915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254964492.0000019E79119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254135275.0000019E78F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000028.00000003.1758365254.0000019E831E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 00000028.00000003.1270833157.0000019E77333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1408552665.0000019E77323000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1632039121.0000019E77339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1495962661.0000019E77339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000028.00000003.1270833157.0000019E77333000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1408552665.0000019E77323000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1632039121.0000019E77339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1495962661.0000019E77339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000028.00000003.1715904596.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466087589.0000019E86247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1739776213.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1706870077.0000019E83647000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1705583716.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1758083988.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1805284941.000001A635012000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000028.00000003.1540899883.0000019E878E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000028.00000003.1528292527.0000019E8325E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000028.00000003.1715904596.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466087589.0000019E86247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1739776213.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1706870077.0000019E83647000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1705583716.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1758083988.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1805284941.000001A635012000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000028.00000003.1528292527.0000019E8325E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 00000028.00000003.1528292527.0000019E8325E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000028.00000003.1411652517.0000019E7BD94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1582876659.0000019E7BD94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1397023348.0000019E7BD94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1492982392.0000019E7BD94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000028.00000003.1761112450.0000019E813B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1718239727.0000019E813B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000028.00000003.1715904596.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466087589.0000019E86247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1739776213.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1705583716.0000019E86245000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1758083988.0000019E86245000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1481010051.0000019E7B852000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000028.00000003.1481010051.0000019E7B852000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000033.00000002.1805284941.000001A6350EB000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.40.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: firefox.exe, 00000028.00000003.1265131663.0000019E79176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1256870298.0000019E79147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1477023193.0000019E7A0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1255755219.0000019E79130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1257962538.0000019E7915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254964492.0000019E79119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254135275.0000019E78F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1705583716.0000019E86237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1705583716.0000019E86237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000028.00000003.1705583716.0000019E86237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000028.00000003.1705583716.0000019E86237000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1499680178.0000019E8621B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000028.00000003.1451066470.0000019E790AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1426275822.0000019E832F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000028.00000003.1265131663.0000019E79176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1256870298.0000019E79147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1255755219.0000019E79130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1257962538.0000019E7915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254964492.0000019E79119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254135275.0000019E78F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: firefox.exe, 00000028.00000003.1265131663.0000019E79176000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1256870298.0000019E79147000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1718051202.0000019E831E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1477023193.0000019E7A0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1758365254.0000019E831E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1255755219.0000019E79130000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1257962538.0000019E7915F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254964492.0000019E79119000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1254135275.0000019E78F00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000028.00000003.1758365254.0000019E831E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1744070331.0000019E7BAAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000033.00000002.1805284941.000001A6350EB000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.40.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000028.00000003.1540899883.0000019E878E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000033.00000002.1805284941.000001A6350CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000028.00000003.1718905210.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1519696587.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1742104010.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1761713104.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 00000029.00000002.1806854971.00000110DF610000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000033.00000002.1804989793.000001A634EC0000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000028.00000003.1718905210.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1519696587.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1742104010.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1761713104.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000028.00000003.1518901436.0000019E850A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1481010051.0000019E7B852000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1500094399.0000019E850A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000028.00000003.1481010051.0000019E7B852000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000028.00000003.1466770644.0000019E7CEA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1805284941.000001A63500A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000028.00000003.1518901436.0000019E850A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1773888103.0000019E7B5A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1500094399.0000019E850A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000028.00000003.1521656204.0000019E7B233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1521656204.0000019E7B275000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.1722232198.0000019E7B233000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: unknown HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49778 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49781 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49785 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_004093C0 SetWindowsHookExW 0000000D,Function_00004C10,00400000,00000000 0_2_004093C0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe Code function: 1_2_004049B0 GetTickCount,GetTickCount,OpenClipboard,OpenClipboard,GetTickCount,OpenClipboard, 1_2_004049B0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_00479570 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard, 0_2_00479570
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_004046E0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard, 0_2_004046E0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe Code function: 1_2_00479570 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard, 1_2_00479570
Source: C:\Users\user\AppData\Local\Temp\aaa.exe Code function: 1_2_004046E0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard, 1_2_004046E0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe Code function: 2_2_00479570 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalUnlock,CloseClipboard,GlobalFree,GlobalUnlock,CloseClipboard, 2_2_00479570
Source: C:\Users\user\AppData\Local\Temp\bbb.exe Code function: 2_2_004046E0 EmptyClipboard,GlobalUnlock,CloseClipboard,GlobalUnlock,GlobalUnlock,GlobalFree,GlobalUnlock,CloseClipboard,SetClipboardData,GlobalUnlock,CloseClipboard, 2_2_004046E0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_004048B0 GetClipboardFormatNameW,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,GetClipboardData, 0_2_004048B0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_0043A7A0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC, 0_2_0043A7A0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_00411F90 GetAsyncKeyState,GetSystemMetrics,GetSystemMetrics,GetCursorPos,WindowFromPoint,GetWindowThreadProcessId,SendMessageW,mouse_event,mouse_event, 0_2_00411F90
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_0040146B SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW, 0_2_0040146B
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_0040F956 GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput, 0_2_0040F956
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_0040F520 __wcsnicmp,__wcsnicmp,GetWindowThreadProcessId,AttachThreadInput,GetKeyboardLayout,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetTickCount,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,__wcsnicmp,_wcschr,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsicoll,PostMessageW,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__wcsnicmp,__wcsnicmp,__fassign,PostMessageW,PostMessageW,PostMessageW,__itow,PostMessageW,_free,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetForegroundWindow,GetWindowThreadProcessId, 0_2_0040F520
Source: C:\Users\user\Desktop\Andrej Simulator X.exe Code function: 0_2_00412DD0 GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetKeyState, 0_2_00412DD0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe Code function: 1_2_004013F4 GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,KillTimer,DragQueryFileW,DragFinish,GetTickCount,DragFinish,DragFinish,_wcsncpy,_wcsncpy,GetTickCount,_wcsncpy,GetTickCount,IsDialogMessageW,SetCurrentDirectoryW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW, 1_2_004013F4
Source: C:\Users\user\AppData\Local\Temp\aaa.exeCode function: 1_2_0040F520 __wcsnicmp,__wcsnicmp,GetWindowThreadProcessId,AttachThreadInput,GetKeyboardLayout,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetTickCount,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,__wcsnicmp,_wcschr,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsicoll,PostMessageW,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__wcsnicmp,__wcsnicmp,__fassign,PostMessageW,PostMessageW,PostMessageW,__itow,PostMessageW,_free,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetForegroundWindow,GetWindowThreadProcessId,1_2_0040F520
Source: C:\Users\user\AppData\Local\Temp\aaa.exeCode function: 1_2_0040F956 GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,1_2_0040F956
Source: C:\Users\user\AppData\Local\Temp\aaa.exeCode function: 1_2_00412DD0 GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetKeyState,1_2_00412DD0
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_004013F4 GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,KillTimer,DragQueryFileW,DragFinish,GetTickCount,DragFinish,DragFinish,_wcsncpy,_wcsncpy,GetTickCount,_wcsncpy,GetTickCount,IsDialogMessageW,SetCurrentDirectoryW,TranslateAcceleratorW,TranslateMessage,DispatchMessageW,2_2_004013F4
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_0040F520 __wcsnicmp,__wcsnicmp,GetWindowThreadProcessId,AttachThreadInput,GetKeyboardLayout,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetTickCount,BlockInput,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,__wcsnicmp,_wcschr,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsicoll,PostMessageW,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,__wcsnicmp,__wcsnicmp,__fassign,PostMessageW,PostMessageW,PostMessageW,__itow,PostMessageW,_free,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetForegroundWindow,GetWindowThreadProcessId,2_2_0040F520
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_0040F956 GetTickCount,GetTickCount,PeekMessageW,GetTickCount,_wcschr,_wcschr,__wcsnicmp,_free,GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,2_2_0040F956
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_00412DD0 GetKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetKeyState,2_2_00412DD0

System Summary

Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Window found: window name: AutoHotkey
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Window found: window name: AutoHotkey
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Window found: window name: AutoHotkey
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355A78F7 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355CB8B2 NtQuerySystemInformation
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00440870 CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004561F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004561F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Windows\SysWOW64\hal.dll
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0040C800
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0049B08C
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0040C1E0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004999EF
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0040DA40
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00496A05
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00414AC1
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00414AC0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00408290
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0042F2A0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0040F520
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00401DE0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004195A8
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0041CEB4
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00407FC0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0043A7A0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004013F4
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0049F010
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0049B08C
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00460170
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0040C1E0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0049D1F1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00448260
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0047F260
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00408290
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0042F2A0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00420490
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00442570
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0040F520
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004925B2
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0048E600
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004186B0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00482755
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0041C700
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004897EE
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0043A7A0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0043F870
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0040C800
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0049D8CD
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00484970
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004829C5
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004999EF
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0040DA40
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00496A05
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00414AC0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00432DD0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00401DE0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00481E4B
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00499F40
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00475F00
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00404F10
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00407FC0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004013F4
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0040F520
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0049F010
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0049B08C
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00460170
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0040C1E0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0049D1F1
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00448260
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0047F260
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00408290
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0042F2A0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00420490
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00442570
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004925B2
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0048E600
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004186B0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00482755
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0041C700
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004897EE
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0043A7A0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0043F870
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0040C800
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0049D8CD
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00484970
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004829C5
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004999EF
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0040DA40
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00496A05
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00414AC0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00432DD0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00401DE0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00481E4B
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00499F40
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00475F00
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00404F10
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00407FC0
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355A78F7
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355CB8B2
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355CBFDC
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355CB8F2
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\aaa.exe F95E930591F548867F1193578379B51F760E0FE2881F1300175BF4215AD15900
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\kitty.exe E9766F9A92F93565A82237FF3AD16FAE0CA2A2795B0740911818AFF95010D163
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 00476750 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 00430930 appears 268 times
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 0048FF69 appears 346 times
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 0049B270 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 00430680 appears 80 times
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 004948A0 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 0049016D appears 54 times
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: String function: 004766B0 appears 73 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 00476750 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 00430930 appears 268 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 0048FF69 appears 346 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 0049B270 appears 44 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 00430680 appears 80 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 004948A0 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 0049016D appears 54 times
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: String function: 004766B0 appears 73 times
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: String function: 00430930 appears 140 times
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: String function: 0048FF69 appears 96 times
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: String function: 00430680 appears 48 times
Source: Andrej Simulator X.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: Andrej Simulator X.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: Andrej Simulator X.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: Andrej Simulator X.exe | Binary or memory string: OriginalFilename vs Andrej Simulator X.exe
Source: Andrej Simulator X.exe, 00000000.00000002.2106646755.000000000059C000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename vs Andrej Simulator X.exe
Source: Andrej Simulator X.exe, 00000000.00000002.2106646755.0000000000673000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename vs Andrej Simulator X.exe
Source: Andrej Simulator X.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal57.spyw.evad.winEXE@104/32@30/7
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00431620 __wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,_memset,CreateProcessW,CloseHandle,CloseHandle,GetLastError,_memset,__wcsicoll,_wcschr,SetCurrentDirectoryW,_wcschr,_wcschr,GetFileAttributesW,_wcschr,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,GetLastError,FormatMessageW
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004561F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004561F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00440510 _wcsncpy,GetDiskFreeSpaceExW
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00456400 CreateToolhelp32Snapshot,Process32FirstW,__wcstoi64,Process32NextW,__wsplitpath,__wcsicoll,Process32NextW,CloseHandle,CloseHandle,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00455330 CoInitialize,CoCreateInstance,__fassign,GetKeyboardLayout,__fassign,GetFullPathNameW,CoUninitialize
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00478510 SystemParametersInfoW,LoadLibraryExW,EnumResourceNamesW,FindResourceW,LoadResource,LockResource,GetSystemMetrics,FindResourceW,LoadResource,LockResource,SizeofResource,CreateIconFromResourceEx,FreeLibrary,ExtractIconW,ExtractIconW
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8716:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1820:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6996:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8848:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7376:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8356:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8140:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1652:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7780:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8532:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9072:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7476:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:416:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6544:120:WilError_03
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | File created: C:\Users\user~1\AppData\Local\Temp\kitty.exe
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: /restart (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: /force (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: /ErrorStdOut (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: A_Args (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: A_Args (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: AutoHotkey (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: AutoHotkey (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: Clipboard (1_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Command line argument: @HI (1_2_00494790)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: /restart (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: /force (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: /ErrorStdOut (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: A_Args (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: A_Args (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: AutoHotkey (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: AutoHotkey (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: Clipboard (2_2_00403D40)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Command line argument: @HI (2_2_00494790)
Source: Andrej Simulator X.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales (15 times)
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Andrej Simulator X.exe | Virustotal: Detection: 56%
Source: Andrej Simulator X.exe | ReversingLabs: Detection: 47%
Source: unknown | Process created: C:\Users\user\Desktop\Andrej Simulator X.exe "C:\Users\user\Desktop\Andrej Simulator X.exe"
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Process created: C:\Users\user\AppData\Local\Temp\aaa.exe C:\Users\user~1\AppData\Local\Temp\aaa.exe
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Process created: C:\Users\user\AppData\Local\Temp\bbb.exe C:\Users\user~1\AppData\Local\Temp\bbb.exe
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\user\Desktop\EEGWXUHVUG.xlsx
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\user\Desktop\EEGWXUHVUG.xlsx
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2160 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a88eb5-c4bc-4db2-bbf1-af3b480820a8} 7460 "\\.\pipe\gecko-crash-server-pipe.7460" 19e6966bd10 socket
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4168 -parentBuildID 20230927232528 -prefsHandle 4164 -prefMapHandle 4236 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cedb21be-d290-4d2b-8e14-0382280b0675} 7460 "\\.\pipe\gecko-crash-server-pipe.7460" 19e7b665b10 rdd
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exe
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Andrej Simulator X.exeProcess created: C:\Users\user\AppData\Local\Temp\aaa.exe C:\Users\user~1\AppData\Local\Temp\aaa.exeJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeProcess created: C:\Users\user\AppData\Local\Temp\bbb.exe C:\Users\user~1\AppData\Local\Temp\bbb.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: C:\Users\user\AppData\Local\Temp\kitty.exe C:\Users\user~1\AppData\Local\Temp/kitty.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\user\Desktop\EEGWXUHVUG.xlsx
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2308 -parentBuildID 20230927232528 -prefsHandle 2244 -prefMapHandle 2160 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41a88eb5-c4bc-4db2-bbf1-af3b480820a8} 7460 "\\.\pipe\gecko-crash-server-pipe.7460" 19e6966bd10 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4168 -parentBuildID 20230927232528 -prefsHandle 4164 -prefMapHandle 4236 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cedb21be-d290-4d2b-8e14-0382280b0675} 7460 "\\.\pipe\gecko-crash-server-pipe.7460" 19e7b665b10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\AppData\Local\Temp\kitty.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Andrej Simulator X.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\aaa.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\bbb.exeSection loaded: kbdsg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Automated click: OK
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Andrej Simulator X.exe | Static file information: File size 2804736 > 1048576
Source: Andrej Simulator X.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1e5c00
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00448010 GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,_wcsncpy,_wcsrchr,WideCharToMultiByte,GetProcAddress,GetProcAddress,GetProcAddress,WideCharToMultiByte,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00448010
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004948E5 push ecx; ret 0_2_004948F8
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0042260D push eax; ret 0_2_00422614
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0042D4D4 push eax; iretd 1_2_0042D4D5
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004948E5 push ecx; ret 1_2_004948F8
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0042D4D4 push eax; iretd 2_2_0042D4D5
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004948E5 push ecx; ret 2_2_004948F8
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | File created: C:\Users\user\AppData\Local\Temp\aaa.exe
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | File created: C:\Users\user\AppData\Local\Temp\kitty.exe
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | File created: C:\Users\user\AppData\Local\Temp\bbb.exe
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00453120 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC, 0_2_00453120
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00477AB0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, 0_2_00477AB0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0047A3E0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow, 0_2_0047A3E0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0047A520 GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop, 0_2_0047A520
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0046A590 SendMessageW,SendMessageW,SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,PtInRect,SetFocus,SendMessageW,SendMessageW,ShowWindow,SetFocus,InvalidateRect,InvalidateRect,InvalidateRect,MapWindowPoints,InvalidateRect, 0_2_0046A590
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0043A7A0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC, 0_2_0043A7A0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0043AFB0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_wcsrchr,__wcsicoll,__wcsicoll,__wcsicoll,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,__wcsnicmp,__fassign,__wcsnicmp,_wcsncpy,__fassign,__fassign,__fassign,__fassign,GetDC,DestroyIcon,DeleteObject,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,_free,_free,_free, 0_2_0043AFB0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00460170 MulDiv,MulDiv,MulDiv,_wcschr,__wcsicoll,MulDiv,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,_wcschr,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,MulDiv,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetWindowLongW,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,CreateWindowExW,CreateWindowExW,CreateWindowExW,CreateWindowExW,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,CreateWindowExW,SendMessageW,SendMessageW,MulDiv,MulDiv,MulDiv,MoveWindow,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,SetWindowPos,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints, 1_2_00460170
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00453120 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC, 1_2_00453120
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0047A3E0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow, 1_2_0047A3E0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00463410 GetWindowLongW,GetWindowLongW,GetWindowLongW,__wcsnicmp,__wcsnicmp,__wcsicoll,SetWindowPos,__wcsicoll,__wcsicoll,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,EnableWindow,__wcsnicmp,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,__wcsnicmp,MulDiv,MulDiv,__wcsnicmp,MulDiv,MulDiv,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcstoi64,IsWindow,SetParent,SetWindowLongW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect, 1_2_00463410
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00439490 GetForegroundWindow,IsWindowVisible,GetWindowThreadProcessId,IsZoomed,IsIconic,GetWindowLongW,GetModuleHandleW,GetProcAddress, 1_2_00439490
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0047A520 GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop, 1_2_0047A520
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0046A590 SendMessageW,SendMessageW,SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,PtInRect,SetFocus,SendMessageW,SendMessageW,ShowWindow,SetFocus,InvalidateRect,InvalidateRect,InvalidateRect,MapWindowPoints,InvalidateRect, 1_2_0046A590
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00466740 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, 1_2_00466740
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0043A7A0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC, 1_2_0043A7A0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0043D800 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,_memset,EnumChildWindows,GetClassNameW,EnumChildWindows, 1_2_0043D800
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0043C970 SendMessageW,SendMessageW,SendMessageW,IsWindowVisible,ShowWindow,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW, 1_2_0043C970
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00477AB0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, 1_2_00477AB0
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00477B10 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen, 1_2_00477B10
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0043AFB0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_wcsrchr,__wcsicoll,__wcsicoll,__wcsicoll,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,__wcsnicmp,__fassign,__wcsnicmp,_wcsncpy,__fassign,__fassign,__fassign,__fassign,GetDC,DestroyIcon,DeleteObject,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,_free,_free,_free, 1_2_0043AFB0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00460170 MulDiv,MulDiv,MulDiv,_wcschr,__wcsicoll,MulDiv,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,_wcschr,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,MulDiv,MulDiv,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetWindowLongW,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,CreateWindowExW,CreateWindowExW,CreateWindowExW,CreateWindowExW,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,CreateWindowExW,SendMessageW,CreateWindowExW,SendMessageW,SendMessageW,MulDiv,MulDiv,MulDiv,MoveWindow,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,SetWindowPos,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints, 2_2_00460170
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00453120 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,CreateDCW,GetDC,GetPixel,DeleteDC,ReleaseDC, 2_2_00453120
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0047A3E0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow, 2_2_0047A3E0
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00463410 GetWindowLongW,GetWindowLongW,GetWindowLongW,__wcsnicmp,__wcsnicmp,__wcsicoll,SetWindowPos,__wcsicoll,__wcsicoll,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,EnableWindow,__wcsnicmp,__wcsnicmp,__wcsicoll,__wcsicoll,__wcsicoll,__wcsnicmp,MulDiv,MulDiv,__wcsnicmp,MulDiv,MulDiv,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcstoi64,IsWindow,SetParent,SetWindowLongW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect, 2_2_00463410
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00439490 GetForegroundWindow,IsWindowVisible,GetWindowThreadProcessId,IsZoomed,IsIconic,GetWindowLongW,GetModuleHandleW,GetProcAddress, 2_2_00439490
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0047A520 GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,SetForegroundWindow,SetForegroundWindow,GetForegroundWindow,GetWindow,AttachThreadInput,AttachThreadInput,BringWindowToTop, 2_2_0047A520
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0046A590 SendMessageW,SendMessageW,SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,PtInRect,SetFocus,SendMessageW,SendMessageW,ShowWindow,SetFocus,InvalidateRect,InvalidateRect,InvalidateRect,MapWindowPoints,InvalidateRect, 2_2_0046A590
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00466740 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus, 2_2_00466740
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_00466740 SetWindowTextW,IsZoomed,IsIconic,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,__wcsnicmp,MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,GetWindowRect,GetWindowLongW,GetWindowRect,GetClientRect,IsWindowVisible,GetWindowLongW,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,GetDlgCtrlID,SetFocus,2_2_00466740
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_0043A7A0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,SelectObject,DeleteDC,DeleteObject,_free,GetPixel,ReleaseDC,2_2_0043A7A0
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_0043D800 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,_memset,EnumChildWindows,GetClassNameW,EnumChildWindows,2_2_0043D800
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_0043C970 SendMessageW,SendMessageW,SendMessageW,IsWindowVisible,ShowWindow,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,2_2_0043C970
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_00477AB0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,2_2_00477AB0
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_00477B10 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,2_2_00477B10
Source: C:\Users\user\AppData\Local\Temp\bbb.exeCode function: 2_2_0043AFB0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_wcsrchr,__wcsicoll,__wcsicoll,__wcsicoll,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,__wcsnicmp,__fassign,__wcsnicmp,_wcsncpy,__fassign,__fassign,__fassign,__fassign,GetDC,DestroyIcon,DeleteObject,DeleteObject,GetIconInfo,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,_free,_free,_free,2_2_0043AFB0
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Process information set: NOOPENFILEERRORBOX (3 entries)
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process information set: NOOPENFILEERRORBOX (18 entries)
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355A78F7 rdtsc
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Window / User API: threadDelayed 2838
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Window / User API: foregroundWindowGot 385
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Window / User API: foregroundWindowGot 1771
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | API coverage: 5.3 %
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | API coverage: 1.8 %
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | API coverage: 2.3 %
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Key opened: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000807
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed (15 entries)
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Thread sleep count: Count: 2838 delay: -10
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00413E50 GetKeyboardLayout followed by cmp: cmp al, 19h and CTI: ja 00413F3Fh country: Russian (ru)
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00406F10 GetKeyboardLayout followed by cmp: cmp dword ptr [004cc1fch], ebx and CTI: je 004070D7h
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00413E50 GetKeyboardLayout followed by cmp: cmp al, 19h and CTI: ja 00413F3Fh country: Russian (ru)
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00406F10 GetKeyboardLayout followed by cmp: cmp dword ptr [004cc1fch], ebx and CTI: je 004070D7h
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00413E50 GetKeyboardLayout followed by cmp: cmp al, 19h and CTI: ja 00413F3Fh country: Russian (ru)
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00406F10 GetKeyboardLayout followed by cmp: cmp dword ptr [004cc1fch], ebx and CTI: je 004070D7h
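The "GetKeyboardLayout followed by cmp al, 19h" hits above sit at the same address (00413E50) in the sample and in both dropped binaries, and the string "1.1.33.08\AutoHotkey.exe" carried by aaa.exe identifies the AutoHotkey 1.1 interpreter, so the compare belongs to the shared runtime rather than to any one embedded script. A `cmp reg, imm` followed by `ja` is also exactly the bounds check a compiler emits in front of a switch jump table, so on its own it is weak evidence of a language geofence; what the sandbox heuristic keys on is the LANGID layout. The Python below decodes that layout and emulates the branch. It is example code written for this page, not the sandbox's or AutoHotkey's, and the HKL values it uses are constructed; the KLID 00000807 is the registry key the report shows bbb.exe opening.

```python
"""Decode the LANGID check behind 'GetKeyboardLayout followed by cmp al, 19h'.

GetKeyboardLayout() returns an HKL whose low 16 bits are a LANGID; the
primary language is LANGID & 0x3FF and 0x19 is LANG_RUSSIAN. Every real
primary language id is below 0x100, so the low byte of the LANGID (AL, if
EAX holds the HKL/LANGID at that point) is the primary language itself.
The HKL values below are constructed for illustration (assumption)."""

LANG_RUSSIAN = 0x19

# Name table for the few ids used here (assumption: Windows LANGID constants,
# not something the report states).
PRIMARY_LANG_NAMES = {0x07: "German", 0x09: "English", 0x19: "Russian", 0x22: "Ukrainian"}


def langid_from_hkl(hkl: int) -> int:
    """An HKL is a handle; the LANGID lives in its low word."""
    return hkl & 0xFFFF


def langid_from_klid(klid: str) -> int:
    """A KLID such as '00000807' is 8 hex digits; its low word is the LANGID."""
    return int(klid, 16) & 0xFFFF


def primary_language(langid: int) -> int:
    return langid & 0x3FF


def sub_language(langid: int) -> int:
    return langid >> 10


def cmp_al_19h_ja_taken(value: int) -> bool:
    """Emulate `cmp al, 19h` / `ja target`: taken when AL is unsigned-greater than 0x19."""
    return (value & 0xFF) > 0x19


def describe(hkl: int) -> dict:
    """Break an HKL down to the fields the report's heuristic is reasoning about."""
    langid = langid_from_hkl(hkl)
    primary = primary_language(langid)
    return {
        "langid": langid,
        "primary": primary,
        "sublang": sub_language(langid),
        "name": PRIMARY_LANG_NAMES.get(primary, "unknown"),
        "is_russian": primary == LANG_RUSSIAN,
        "ja_taken": cmp_al_19h_ja_taken(hkl),
    }


# Constructed HKLs: high word is the layout part, low word the LANGID.
SAMPLE_HKLS = {
    "ru-RU": 0x04190419,
    "en-US": 0x04090409,
    "de-CH": 0x08070807,  # LANGID 0x0807 = German (Switzerland), cf. Keyboard Layouts\00000807
    "uk-UA": 0x04220422,  # primary 0x22 > 0x19, so the `ja` would be taken
}

if __name__ == "__main__":
    for tag, hkl in SAMPLE_HKLS.items():
        print(tag, describe(hkl))
```

The second compare in the report (`cmp dword ptr [004cc1fch], ebx` / `je`) tests a global against the returned handle rather than a language constant, which is why the sandbox attaches no country to it.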
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004774C0 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_0042E210 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004774C0 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004440A0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00456180 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0042E210 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00444380 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00477430 FindFirstFileW,FindClose,GetFileAttributesW
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004446C0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00455C10 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00472DE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00454FA0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004774C0 _wcschr,_wcschr,_wcschr,FindFirstFileW,FindClose,_wcschr,FindFirstFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004440A0 FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00456180 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_0042E210 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,__wcstoi64,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00444380 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00477430 FindFirstFileW,FindClose,GetFileAttributesW
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004446C0 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00455C10 GetFullPathNameW,GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,_wcsrchr,_wcsrchr,_wcsncpy,GetTickCount,PeekMessageW,GetTickCount,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,FindNextFileW,FindClose
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00472DE0 FindFirstFileW,FindClose,GetFileAttributesW,CreateFileW,WriteFile,WriteFile,WriteFile,CloseHandle
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00454FA0 _wcschr,_wcschr,GetFileAttributesW,FindFirstFileW,FindClose,CoInitialize,CoCreateInstance,CoUninitialize
Source: firefox.exe, 00000029.00000002.1807352854.00000110DF900000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllx
Source: kitty.exe, 00000024.00000002.1264104962.00000000006FB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000
Source: kitty.exe, 00000013.00000003.1010073518.0000000000620000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: firefox.exe, 00000033.00000002.1808039749.000001A6356A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW|y
Source: kitty.exe, 0000003A.00000003.1419932527.0000000000557000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: firefox.exe, 00000029.00000002.1805816845.00000110DF59A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp
Source: firefox.exe, 00000029.00000002.1807352854.00000110DF900000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1804841613.000001A634E8A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000033.00000002.1808039749.000001A6356A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllib
Source: kitty.exe, 0000003D.00000003.1520875979.0000000000605000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\)
Source: kitty.exe, 00000013.00000003.1010073518.0000000000620000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\K
Source: kitty.exe, 00000013.00000003.1058038150.00000000005F7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: `6f6e6963}#00SimSun-ExtB07500000#{3f5630d-b6bf-110-94f2-00a0c91eb8b}\\?\SCSI#CRom&Ven_NECVMWa&Prod_VMware_SAA_CD00#4&224f42f&0&000000#{53f630d-b6bf-11d0-4f2-00a0c91efb8}&&2
Source: firefox.exe, 00000029.00000002.1807352854.00000110DF900000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000033.00000002.1808039749.000001A6356A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | API call chain: ExitProcess graph end node (graph_0-35092)
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 51_2_000001A6355A78F7 rdtsc
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00411090 GetKeyState,GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004969F6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00448010 GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,GetModuleHandleW,_wcsncpy,_wcsrchr,WideCharToMultiByte,GetProcAddress,GetProcAddress,GetProcAddress,WideCharToMultiByte,GetModuleHandleW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_0049C88E __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004969F6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00493DF5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00498532 SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004969F6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00493DF5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00498532 SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004969F6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00493DF5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00431620 __wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,__wcsicoll,_memset,CreateProcessW,CloseHandle,CloseHandle,GetLastError,_memset,__wcsicoll,_wcschr,SetCurrentDirectoryW,_wcschr,_wcschr,GetFileAttributesW,_wcschr,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004128F0 keybd_event,_malloc,_free
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00411F90 GetAsyncKeyState,GetSystemMetrics,GetSystemMetrics,GetCursorPos,WindowFromPoint,GetWindowThreadProcessId,SendMessageW,mouse_event,mouse_event
Source: C:\Users\user\AppData\Local\Temp\kitty.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll" (15 entries, one per kitty.exe instance in the behavior graph)
Note: the created image is the 32-bit cmd.exe under SysWOW64, spawned by the 32-bit kitty.exe. Under WoW64 file-system redirection a write to %windir%\system32\ from such a process is redirected to C:\Windows\SysWOW64\ unless the process disables redirection, and both directories are TrustedInstaller-owned, so this entry records the attempt to clobber hal.dll, not a confirmed overwrite of the 64-bit boot-critical file.
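The process-creation entry above is the one line in this report a defender would alert on: a binary dropped to %TEMP% spawning cmd.exe to redirect output onto a file in the Windows system directory. The detection below is added example code for this page (not Joe Sandbox's or the sample's); it fires on the command line, i.e. on intent, regardless of whether the write succeeds. It parses `>` and `>>` redirections out of a cmd.exe command line, expands %windir% / %SystemRoot% from an assumed table, normalizes the target path (including `..` segments) and grades the hit by whether the file name is boot-critical. The event records are constructed in the shape of Sysmon Event ID 1 fields; only the first command line is the one the report shows, and the boot-critical name list beyond hal.dll is an illustrative assumption.

```python
"""Flag cmd.exe process creations whose output redirection lands inside the
Windows system directories, the pattern this report records as
kitty.exe -> cmd.exe /c "echo a>%windir%\system32\hal.dll"."""
import ntpath
import re

# Assumed expansions; a real detector would take them from the host or the event.
ENV = {"windir": r"C:\Windows", "systemroot": r"C:\Windows"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# hal.dll is the name in the report; the remaining names are an illustrative extension.
BOOT_CRITICAL = {"hal.dll", "ntoskrnl.exe", "winload.exe", "winload.efi"}

# One or two '>' followed by either a quoted path or a bare token.
REDIRECT = re.compile(r'>{1,2}\s*(?:"([^"]+)"|([^\s&|"]+))')


def expand_env(path: str) -> str:
    """Expand %NAME% tokens from ENV; unknown names are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def redirect_targets(cmdline: str) -> list[str]:
    """Normalized (lower-case, '..'-collapsed) output-redirection targets of a cmd line."""
    targets = []
    for m in REDIRECT.finditer(cmdline):
        raw = m.group(1) or m.group(2)
        targets.append(ntpath.normpath(expand_env(raw)).lower())
    return targets


def evaluate(event: dict):
    """Return (severity, reason) for a suspicious cmd.exe event, else None."""
    if not event["Image"].lower().endswith("\\cmd.exe"):
        return None
    for target in redirect_targets(event["CommandLine"]):
        if any(target.startswith(d) for d in SYSTEM_DIRS):
            if ntpath.basename(target) in BOOT_CRITICAL:
                return ("high", f"cmd.exe output redirected onto boot-critical file {target}")
            return ("medium", f"cmd.exe output redirected into a system directory: {target}")
    return None


def scan(events: list[dict]) -> list[tuple]:
    """Run evaluate() over a batch; return (parent image, severity, reason) hits."""
    hits = []
    for e in events:
        verdict = evaluate(e)
        if verdict:
            hits.append((e["ParentImage"], *verdict))
    return hits


# Constructed events in Sysmon Event ID 1 shape; the first command line is the report's.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\SysWOW64\cmd.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\kitty.exe",
     "CommandLine": r'"C:\Windows\System32\cmd.exe" /c "echo a>%windir%\system32\hal.dll"'},
    {"Image": r"C:\Windows\System32\cmd.exe",            # benign write into the user profile
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c echo hi > C:\Users\user\out.txt"},
    {"Image": r"C:\Windows\System32\cmd.exe",            # append under System32, not boot-critical
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\x.exe",
     "CommandLine": r'cmd.exe /c "echo 1.2.3.4 evil >> "%SystemRoot%\System32\drivers\etc\hosts""'},
    {"Image": r"C:\Windows\System32\notepad.exe",        # not cmd.exe; the path is only an argument
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe C:\Windows\System32\hal.dll"},
]

if __name__ == "__main__":
    for parent, severity, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] parent={parent}: {reason}")
```

Because the rule matches the redirection target rather than the literal `echo a>` string, variants such as `type nul >`, `>>` appends or `%windir%\system32\..\system32\hal.dll` produce the same verdict; a production version would also weight the parent image, which here is an unsigned executable in %TEMP%.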
Source: Andrej Simulator X.exe, aaa.exe, bbb.exe | Binary or memory string: Program Manager
Source: Andrej Simulator X.exe, aaa.exe, bbb.exe | Binary or memory string: Shell_TrayWnd
Source: Andrej Simulator X.exe, aaa.exe, bbb.exe | Binary or memory string: Progman
Source: aaa.exe.0.dr | Binary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00418117 SetCurrentDirectoryW,GetSystemTimeAsFileTime
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00445F40 GetComputerNameW,GetUserNameW
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00414C41 GetModuleHandleW,GetProcAddress,GetVersionExW,__snwprintf
Source: bbb.exe | Binary or memory string: WIN_XP
Source: bbb.exe | Binary or memory string: WIN_VISTA
Source: bbb.exe | Binary or memory string: WIN_7
Source: bbb.exe | Binary or memory string: WIN_8
Source: aaa.exe.0.dr | Binary or memory string: ?*A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle1.1.33.08\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003WIN_2000%04hX0x%Ix*pPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fCcFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfoGetProcessImageFileNameWpsapi
Source: bbb.exe | Binary or memory string: WIN_8.1
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_00417010 Shell_NotifyIconW,DeleteObject,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,RemoveClipboardFormatListener,ChangeClipboardChain,mciSendStringW,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,_free,_free,_free
Source: C:\Users\user\Desktop\Andrej Simulator X.exe | Code function: 0_2_004178B0 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_00417010 Shell_NotifyIconW,DeleteObject,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,RemoveClipboardFormatListener,ChangeClipboardChain,mciSendStringW,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,_free,_free,_free
Source: C:\Users\user\AppData\Local\Temp\aaa.exe | Code function: 1_2_004178B0 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_00417010 Shell_NotifyIconW,DeleteObject,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,RemoveClipboardFormatListener,ChangeClipboardChain,mciSendStringW,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,_free,_free,_free
Source: C:\Users\user\AppData\Local\Temp\bbb.exe | Code function: 2_2_004178B0 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain
MITRE ATT&CK Matrix (techniques listed per tactic; a leading number is the count the report attaches to a matched technique, entries without a number are the unmatched placeholders the matrix always shows)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 1 Native API; 2 Command and Scripting Interpreter; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Access Token Manipulation; 12 Process Injection; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 11 Masquerading; 1 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 12 Process Injection
Credential Access: 121 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 1 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 24 System Information Discovery; 31 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 2 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 1 Archive Collected Data; 1 Screen Capture; 121 Input Capture; 3 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 2 Ingress Tool Transfer; 12 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph (ID 1640015; sample Andrej Simulator X.exe; start date 16/03/2025; architecture WINDOWS; score 57)

Top-level network nodes: www.google.com; wac-ring.wac-9999.wac-msedge.net; 26 other IPs or domains
Top-level signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Contains functionality to register a low level keyboard hook; Joe Sandbox ML detected suspicious sample

Process tree (per-node counters from the graph kept in brackets):
Andrej Simulator X.exe [3], started
    dropped: C:\Users\user\AppData\Local\Temp\kitty.exe (PE32); C:\Users\user\AppData\Local\Temp\bbb.exe (PE32); C:\Users\user\AppData\Local\Temp\aaa.exe (PE32)
    signature: Sample or dropped binary is a compiled AutoHotkey binary
    aaa.exe, started
        signature: Sample or dropped binary is a compiled AutoHotkey binary
        kitty.exe [1]; kitty.exe; kitty.exe [1]; 12 other processes, started
            signature: Antivirus detection for dropped file
            cmd.exe [2]; cmd.exe; cmd.exe; cmd.exe [1]; cmd.exe; cmd.exe; 9 other processes, started
                conhost.exe (8 listed, 7 other processes), started
                    Conhost.exe, started (child of one of the conhost.exe nodes)
    bbb.exe, started
firefox.exe, started
    firefox.exe, started
        network: prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, ports 49768, 49780, 49783, GOOGLEUS United States; prod.classify-client.prod.webservices.mozgcp.net 35.190.72.216, ports 443, 49758, 49759, GOOGLEUS United States; 5 other IPs or domains
        firefox.exe, started
        firefox.exe, started
